Rewterz Threat Advisory – Microsoft Exchange Server OWA Multiple Spoofing Vulnerabilities
April 11, 2019Rewterz threat Advisory – Microsoft Internet Explorer Multiple Vulnerabilities
April 11, 2019Severity
Medium
Analysis Summary
CVE-2019-0830
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’.
CVE-2019-0831
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’.
Impact
Cross Site Scripting
Affected Vendors
Microsoft
Affected Products
- Microsoft SharePoint Foundation 2010
- Microsoft SharePoint Foundation 2013
- Microsoft SharePoint Server 2016
- Microsoft SharePoint Server 2019
Remediation
Vendor has released updates for the following products
Microsoft SharePoint Enterprise Server 2016 (KB4464510):
https://www.microsoft.com/downloads/details.aspx?familyid=651f7b7b-0ffd-4f87-8220-abecb26b33e6
Microsoft SharePoint Server 2019 (KB4464518):
https://www.microsoft.com/downloads/details.aspx?familyid=e9a9e875-9e19-42b1-8726-7c8047693f89
Microsoft SharePoint Foundation 2013 Service Pack 1 (KB4464515):
https://www.microsoft.com/downloads/details.aspx?familyid=c3ccd934-34cf-4171-8269-b4f0b0e3e695
Microsoft SharePoint Foundation 2010 Service Pack 2 (KB4464528):
https://www.microsoft.com/downloads/details.aspx?familyid=4ac767aa-15b0-48d0-891d-ac0fbb0c65df