CVE-2015-6037

CVE Database · CVE-2015-6037

CVE-2015-6037

· N/AModified

CVSS v3.1

N/A

EPSS

9.88%

Published

Oct 13, 2015

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability."

Weaknesses (CWE)

CWE-79

Affected Products (6)

microsoft · excel_web_appvulnerable

microsoft · office_web_appsvulnerable

microsoft · sharepoint_foundationvulnerable

microsoft · sharepoint_servervulnerable

References (6)

http://www.securitytracker.com/id/1033803

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033804

Third Party AdvisoryVDB Entry