CVE-2019-0558

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Sharepoint Server; Microsoft Sharepoint; Microsoft Business Productivity Servers
Vendor: CVE Published:; 8 January 2019

Summary

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

Affected Version(s)

Microsoft Business Productivity Servers 2010 Service Pack 2

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Microsoft SharePoint Enterprise Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106389

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 8, 2019
Vulnerability Reserved
Nov 26, 2018

Collectors

NVD DatabaseMitre Database