Microsoft Office Out-of-box Experience — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Office Out-of-box Experience, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2025-64677 — CVSS 8.2 (high): Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized…