CVE-2019-0558

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

Published: Jan 8, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0558
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / business_productivity_servers	2010-sp2	2010-sp2.x
microsoft / sharepoint_server	2019	2019.x
microsoft / sharepoint_server	2013-sp1	2013-sp1.x
microsoft / sharepoint_server	2016	2016.x

http://www.securityfocus.com/bid/106389
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558

Vulnerability Database

289,697

CVE-2019-0558