3.5
CVSSv2

CVE-2019-1262

Published: 11/09/2019 Updated: 24/09/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the malicious user to steal cookie-based authentication credentials and launch other attacks.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftSharepoint Foundation2013

Exploits

# Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting # Author: Davide Cioccia # Discovery Date: 2019-09-25 # Vendor Homepage: wwwmicrosoftcom # Software Link: supportmicrosoftcom/en-us/help/2880552/description-of-microsoft-sharepoint-server-2013-service-pack-1-sp1 # Tested Version: ...

Mailing Lists

Microsoft SharePoint 2013 SP1 suffers from a persistent cross site scripting vulnerability ...

Recent Articles

Microsoft Patch Tuesday – September 2019
Symantec Threat Intelligence Blog • Preethi Koroth • 11 Sep 2019

This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

Posted: 11 Sep, 201923 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – September 2019This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

As always, customers are advised to follow these security best practices:


Install vendor patches as s...