The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
Base Score: 3.5
Impact Score: 2.9
Exploitability Score: 6.8
Base Score: 5.4
Impact Score: 2.7
Exploitability Score: 2.3
|112345||Microsoft SharePoint Server 2019 build < 16.0.10345.12101 Multiple Vulnerabilities||Web Application Scanning||Component Vulnerability|
|112344||Microsoft SharePoint Server 2016 build < 16.0.4849.1000 Multiple Vulnerabilities||Web Application Scanning||Component Vulnerability|
|125227||Security Updates for Microsoft SharePoint Server (May 2019)||Nessus||Windows : Microsoft Bulletins|