CVE-2019-0558

Summary

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft SharePoint Server2019affected
MicrosoftMicrosoft SharePointEnterprise Server 2013 Service Pack 1affected
MicrosoftMicrosoft SharePointEnterprise Server 2016affected
MicrosoftMicrosoft Business Productivity Servers2010 Service Pack 2affected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References