CVE-2019-0558
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft SharePoint Server | 2019 | affected |
| Microsoft | Microsoft SharePoint | Enterprise Server 2013 Service Pack 1 | affected |
| Microsoft | Microsoft SharePoint | Enterprise Server 2016 | affected |
| Microsoft | Microsoft Business Productivity Servers | 2010 Service Pack 2 | affected |
Weaknesses
- Spoofing
ADP Enrichment
CVE Program Container
Additional References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558
- http://www.securityfocus.com/bid/106389
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558
- http://www.securityfocus.com/bid/106389
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.