Oval Definition:oval:org.mitre.oval:def:24480
Revision Date:2014-07-07Version:6
Title:SharePoint XSS Vulnerability (CVE-2014-1754) - MS14-022
Description:Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-1754
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft Office Web Apps Server 2013
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013 Client Components SDK
Definition Synopsis
  • foundation 2013/version
  • Check if the version of Microsoft.Office.Server.Msg.dll is less than 15.0.4514.1000
  • AND 2013/sp1
  • Microsoft SharePoint Server 2013 is installed
  • OR Microsoft SharePoint Server 2013 SP1 is installed
  • OR sharepoint foundation 2013/version
  • 2013/sp1
  • Microsoft SharePoint Foundation 2013 is installed
  • OR Microsoft SharePoint Foundation 2013 SP1 is installed
  • AND either versions
  • Check if the version of wsssetup.dll is less than 15.0.4615.1000
  • OR Check if the version of wsetupui.dll is less than 15.0.4561.1000
  • OR web apps server 2013/version
  • 2013/sp1
  • Microsoft Office Web Apps Server 2013 is installed
  • OR Microsoft Office Web Apps Server 2013 SP1 is installed
  • AND Check if the version of msoserver.dll is less than 15.0.4615.1000
  • OR SharePoint Server 2013 Client Components SDK/version
  • Microsoft SharePoint Server 2013 Client Components SDK is installed
  • AND Check if the version of Microsoft.sharepoint.client.dll is less than 15.0.4609.1000
    • BACK