CVE-2019-0558

EPSS 0.49%
Veröffentlicht 08.01.2019 21:29:01
Zuletzt bearbeitet 28.02.2025 21:15:13
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Business Productivity Servers Version2010 Updatesp2

Microsoft ≫ Sharepoint Server Version2013 Updatesp1 SwEditionenterprise

Microsoft ≫ Sharepoint Server Version2016 SwEditionenterprise

Microsoft ≫ Sharepoint Server Version2019

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.643

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/106389

Third Party Advisory

VDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-0558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-0558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-0558

EUVD