Vulnerabilities > Microsoft > Office Online Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-1342 | Use of Uninitialized Resource vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | 5.5 |
| 2020-02-11 | CVE-2020-0695 | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'. | 5.4 |
| 2020-01-14 | CVE-2020-0647 | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | 5.4 |
| 2019-11-12 | CVE-2019-1447 | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | 5.4 |
| 2019-11-12 | CVE-2019-1446 | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 5.5 |
| 2019-11-12 | CVE-2019-1445 | Origin Validation Error vulnerability in Microsoft Office Online Server A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | 5.4 |
| 2018-06-14 | CVE-2018-8247 | Cross-site Scripting vulnerability in Microsoft Office Online Server and Office web Apps An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. | 5.4 |
| 2017-04-12 | CVE-2017-0195 | Cross-site Scripting vulnerability in Microsoft products Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability." | 5.4 |