CVE-2019-1203

MEDIUMNVD 5.45.4
EchelonGraph scoreMEDIUM confidence

Score 5.4 from GitHub Security Advisory published 2022-05-24. NVD baseline CVSS 5.4; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
5.4
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 2%CVSS: 5.4Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

CVSS v3
5.4
EG Score
5.4(medium)
EPSS
74.1%
KEV
Not listed

Published

August 14, 2019

Last Modified

February 20, 2026

Frequently asked(5)

What is CVE-2019-1203?
CVE-2019-1203 is a medium vulnerability published on August 14, 2019. A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint…
When was CVE-2019-1203 disclosed?
CVE-2019-1203 was first published in the National Vulnerability Database on August 14, 2019, with the most recent update on February 20, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2019-1203 actively exploited?
CVE-2019-1203 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 74.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2019-1203?
CVE-2019-1203 has a CVSS v3 base score of 5.4 (NVD).
How do I remediate CVE-2019-1203?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2019-1203, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2019-1203

Explore →

Is Your Infrastructure Affected by CVE-2019-1203?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.