CVE-2019-1134

Summary

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft SharePoint Enterprise Server2016affected
MicrosoftMicrosoft SharePoint Enterprise Server2013 Service Pack 1affected
MicrosoftMicrosoft SharePoint Server2019affected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References