Reflective XSS Vulnerability in Microsoft SharePoint Server
CVE-2020-0795

5.4 MEDIUM

Summary

This vulnerability occurs when Microsoft SharePoint Server fails to adequately sanitize specially crafted requests. An authenticated attacker can exploit this flaw by sending a malicious request to an affected SharePoint server. This can potentially allow the attacker to execute scripts in the context of the user's session, leading to unauthorized access to and manipulation of data. Organizations should therefore apply the necessary security updates.

Affected Version(s)

Microsoft Business Productivity Servers 2010 Service Pack 2

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Foundation 2013 Service Pack 1


CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
