BID:106387

Microsoft Office SharePoint CVE-2019-0556 Cross Site Scripting Vulnerability

CVE-2019-556 |

Info

Microsoft Office SharePoint CVE-2019-0556 Cross Site Scripting Vulnerability

Bugtraq ID:	106387
Class:	Input Validation Error
CVE:	CVE-2019-0556
Remote:	Yes
Local:	No
Published:	Jan 08 2019 12:00AM
Updated:	Jan 08 2019 12:00AM
Credit:	Ashar Javed of Hyundai AutoEver Europe GmbH
Vulnerable:	Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Not Vulnerable:

Discussion

Microsoft Office SharePoint CVE-2019-0556 Cross Site Scripting Vulnerability

Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site.

Exploit / POC

Microsoft Office SharePoint CVE-2019-0556 Cross Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Solution / Fix

Microsoft Office SharePoint CVE-2019-0556 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Microsoft Office SharePoint CVE-2019-0556 Cross Site Scripting Vulnerability

References:

Microsoft Homepage (Microsoft)
CVE-2019-0556 | Microsoft Office SharePoint XSS Vulnerability (Microsoft)