CVE-2018-8247: XSS
First published: Thu Jun 14 2018(Updated: )
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Online Server | =2016 | |
| Microsoft Office Web Apps | =2013-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8247?
CVE-2018-8247 is an elevation of privilege vulnerability in Microsoft Office Web Apps Server 2013 and Office Online Server.
What is the severity of CVE-2018-8247?
The severity of CVE-2018-8247 is medium with a CVSS score of 5.4.
Which software is affected by CVE-2018-8247?
Microsoft Office Web Apps Server 2013 and Office Online Server are affected by CVE-2018-8247.
How can I fix CVE-2018-8247?
To fix CVE-2018-8247, apply the latest security updates provided by Microsoft.
Where can I find more information about CVE-2018-8247?
You can find more information about CVE-2018-8247 on the Microsoft Security Guidance Advisory page.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft office online server
- version/microsoft office online server/2016
- canonical/microsoft office web apps
- version/microsoft office web apps/2013-sp1