CVE-2019-1033

Description

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft Office SharePoint XSS Vulnerability. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.

Risk Information

Base Score

5.4

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.443

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Word Remote Code Execution Vulnerability for Microsoft SharePoint Foundation 2013 (KB4464602)	Windows
Microsoft Word Remote Code Execution Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4464594)	Windows
Microsoft Office SharePoint XSS Vulnerability for Microsoft Project Server 2010 (KB4092442)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-26890	Security Update for Microsoft SharePoint Foundation 2013 (KB4464602)
PATCH-26923	Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4464594)
PATCH-26882	Security Update for Microsoft Project Server 2010 (KB4092442)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234