Severity
Medium
Analysis Summary
CVE-2019-0830
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’.
CVE-2019-0831
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’.
Impact
Cross Site Scripting
Affected Vendors
Microsoft
Affected Products
Remediation
Vendor has released updates for the following products
Microsoft SharePoint Enterprise Server 2016 (KB4464510):
https://www.microsoft.com/downloads/details.aspx?familyid=651f7b7b-0ffd-4f87-8220-abecb26b33e6
Microsoft SharePoint Server 2019 (KB4464518):
https://www.microsoft.com/downloads/details.aspx?familyid=e9a9e875-9e19-42b1-8726-7c8047693f89
Microsoft SharePoint Foundation 2013 Service Pack 1 (KB4464515):
https://www.microsoft.com/downloads/details.aspx?familyid=c3ccd934-34cf-4171-8269-b4f0b0e3e695
Microsoft SharePoint Foundation 2010 Service Pack 2 (KB4464528):
https://www.microsoft.com/downloads/details.aspx?familyid=4ac767aa-15b0-48d0-891d-ac0fbb0c65df