{"cve":{"cve_id":"CVE-2019-0558","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01996,"epss_percentile":0.7813,"epss_as_of":"2026-06-23","description":"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.","published_at":"2019-01-08T21:00:00Z","last_modified_at":null,"cvss_v3_score":5.4,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-79"],"nvd_references":["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558","http://www.securityfocus.com/bid/106389"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:11:48.126781Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"microsoft-business-productivity-servers","product_name":"Microsoft Business Productivity Servers","version_start":"2010 Service Pack 2","version_start_inclusive":true,"version_end":"2010 Service Pack 2","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:microsoft-business-productivity-servers:2010 Service Pack 2:2010 Service Pack 2"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"microsoft-sharepoint","product_name":"Microsoft SharePoint","version_start":"Enterprise Server 2013 Service Pack 1","version_start_inclusive":true,"version_end":"Enterprise Server 2013 Service Pack 1","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:microsoft-sharepoint:Enterprise Server 2013 Service Pack 1:Enterprise Server 2013 Service Pack 1"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"microsoft-sharepoint","product_name":"Microsoft SharePoint","version_start":"Enterprise Server 2016","version_start_inclusive":true,"version_end":"Enterprise Server 2016","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:microsoft-sharepoint:Enterprise Server 2016:Enterprise Server 2016"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"microsoft-sharepoint-server","product_name":"Microsoft SharePoint Server","version_start":"2019","version_start_inclusive":true,"version_end":"2019","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:microsoft-sharepoint-server:2019:2019"}],"exploit_refs":[],"news":[],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://www.securityfocus.com/bid/106389","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2019-01-08T21:00:00Z","label":"CVE published","source":null},{"type":"ssvc_changed","at":"2026-06-24T00:31:17.516004Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:17.516004Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:17.516004Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:17.516004Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:17.516004Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:17.516004Z","label":"CVSS score revised","source":"vulnrichment"}]}