vulnerability

Microsoft SharePoint: CVE-2019-1134: Microsoft Office SharePoint XSS Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Jul 15, 2019	May 15, 2023	Aug 12, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Jul 15, 2019

Added

May 15, 2023

Modified

Aug 12, 2025

Description

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

Solutions

microsoft-sharepoint-sharepoint_2016-kb4475520microsoft-sharepoint-sharepoint_2019-kb4475529

References

CVE-2019-1134
https://attackerkb.com/topics/CVE-2019-1134
CWE-79
https://support.microsoft.com/help/4475520
https://support.microsoft.com/help/4475529

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report