CVE-2019-0558

moderate-risk

Published 2019-01-08

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

Do I need to act?

0.79% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (4)

Business Productivity Servers

Sharepoint Server

Affected Vendors

Microsoft

References (4)

Third Party Advisory http://www.securityfocus.com/bid/106389

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558

Third Party Advisory http://www.securityfocus.com/bid/106389

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 3/34 · Minimal

Exposure 10/34 · Low