Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
office web vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-31145
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a...
Collabora Online
6.5
CVSSv3
CVE-2023-23396
Microsoft Excel Denial of Service Vulnerability
Microsoft Office Web Apps Server 2013
Microsoft Office Online Server -
1 Github repository
7.8
CVSSv3
CVE-2023-23399
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel 2016
Microsoft Office Web Apps Server 2013
Microsoft Office 2013
Microsoft Excel 2013
Microsoft Office Online Server -
Microsoft Office 2016
Microsoft Office 2019
Microsoft 365 Apps -
Microsoft Office Long Term Servicing Channel 2021
7.5
CVSSv3
CVE-2022-47075
An issue exists in Smart Office Web 20.28 and previous versions allows malicious users to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
Smartofficepayroll Smartoffice
1 EDB exploit
7.5
CVSSv3
CVE-2022-47076
An issue exists in Smart Office Web 20.28 and previous versions allows malicious users to view sensitive information via DisplayParallelLogData.aspx.
Smartofficepayroll Smartoffice
1 EDB exploit
9.8
CVSSv3
CVE-2023-21716
Microsoft Word Remote Code Execution Vulnerability
Microsoft Word 2013
Microsoft Office Web Apps 2013
Microsoft Sharepoint Foundation 2013
Microsoft Sharepoint Enterprise Server 2016
Microsoft Office Online Server 2016
Microsoft Sharepoint Enterprise Server 2013
Microsoft Sharepoint Server 2019
Microsoft Office 2019
Microsoft Office Long Term Servicing Channel 2021
Microsoft Sharepoint Server -
11 Github repositories
4.3
CVSSv3
CVE-2022-38756
A vulnerability has been identified in Micro Focus GroupWise Web in versions before 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
Microfocus Groupwise
5.5
CVSSv3
CVE-2022-41060
Microsoft Word Information Disclosure Vulnerability
Microsoft Word 2013
Microsoft Word 2016
Microsoft Office Web Apps Server 2013
Microsoft Sharepoint Enterprise Server 2016
Microsoft Office Online Server -
Microsoft Sharepoint Enterprise Server 2013
Microsoft Office 2019
Microsoft Sharepoint Server 2019
Microsoft 365 Apps -
Microsoft Sharepoint Server -
Microsoft Office 2021
7.8
CVSSv3
CVE-2022-41061
Microsoft Word Remote Code Execution Vulnerability
Microsoft Word 2013
Microsoft Word 2016
Microsoft Office Web Apps Server 2013
Microsoft Sharepoint Enterprise Server 2016
Microsoft Office Online Server -
Microsoft Sharepoint Enterprise Server 2013
Microsoft Sharepoint Server 2019
Microsoft Office 2019
Microsoft 365 Apps -
Microsoft Sharepoint Server -
Microsoft Office 2021
7.8
CVSSv3
CVE-2022-41063
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Web Apps Server 2013
Microsoft Office Online Server -
Microsoft Office 2019
Microsoft 365 Apps -
Microsoft Office 2021
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »