CVE-2019-0558

EPSS 0.49%
Published 08.01.2019 21:29:01
Last modified 28.02.2025 21:15:13
Source secure@microsoft.com
Teams watchlist Login
Open Login

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Business Productivity Servers Version2010 Updatesp2

Microsoft ≫ Sharepoint Server Version2013 Updatesp1 SwEditionenterprise

Microsoft ≫ Sharepoint Server Version2016 SwEditionenterprise

Microsoft ≫ Sharepoint Server Version2019

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.49%	0.643

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/106389

Third Party Advisory

VDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-0558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-0558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-0558

EUVD