CVE-2019-0558

CVE Database · CVE-2019-0558

CVE-2019-0558

· MEDIUMModified

CVSS v3.1

5.4

EPSS

2.00%

Published

Jan 8, 2019

Modified

Feb 28, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (4)

microsoft · business_productivity_serversvulnerable

microsoft · sharepoint_servervulnerable

References (4)

http://www.securityfocus.com/bid/106389

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558

PatchVendor Advisory

http://www.securityfocus.com/bid/106389

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs