XSS Vulnerability in Microsoft SharePoint Server and Microsoft Business Productivity Servers
CVE-2019-0558

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Sharepoint Server; Microsoft Sharepoint; Microsoft Business Productivity Servers
Vendor: CVE Published:; 8 January 2019

Summary

A cross-site scripting (XSS) vulnerability arises when Microsoft SharePoint Server fails to properly sanitize specially crafted web requests. This flaw allows attackers to inject malicious scripts into web pages viewed by users, which can lead to unauthorized actions on behalf of victims or exposure of sensitive data. The vulnerability impacts several Microsoft platforms, including Microsoft SharePoint and Microsoft Business Productivity Servers, making it crucial for organizations to apply appropriate security measures.

Affected Version(s)

Microsoft Business Productivity Servers 2010 Service Pack 2

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Microsoft SharePoint Enterprise Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106389

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 8, 2019
Vulnerability Reserved
Nov 26, 2018