CVE-2019-0558

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.8%

top 26.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Business Productivity Servers Microsoft Microsoft Sharepoint Microsoft Microsoft Sharepoint Server +2 more

Timeline

PublishedJan 8

Latest updateMay 14

Description

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶NVDmicrosoft/sharepoint_server2013, 2016, 2019+2

▶CVEListV5microsoft/microsoft_sharepoint_server2019

▶NVDmicrosoft/business_productivity_servers2010

▶CVEListV5microsoft/microsoft_business_productivity_servers2010 Service Pack 2

▶CVEListV5microsoft/microsoft_sharepointEnterprise Server 2013 Service Pack 1, Enterprise Server 2016+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rvmf-46hh-x3rp: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an af↗2022-05-14

▶

CVEList

CVE-2019-0558: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an af↗2019-01-08

▶

📋Vendor Advisories

Microsoft

Microsoft Office SharePoint XSS Vulnerability↗2019-01-08

▶