CVE-2019-0558
Description
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft Office SharePoint XSS Vulnerability. This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.792
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Office SharePoint XSS Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4461591) | Windows |
| Microsoft Office SharePoint XSS Vulnerability for 2010 Microsoft Business Productivity Servers (KB4461624) | Windows |
| Microsoft Office SharePoint XSS Vulnerability for SharePoint Enterprise Server 2016 (KB4461598) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-25944 | Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4461591) |
| PATCH-25930 | Security Update for 2010 Microsoft Business Productivity Servers (KB4461624) |
| PATCH-26014 | Description of the security update for SharePoint Enterprise Server 2016 (KB4461598) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234