Description
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Microsoft / Microsoft SharePoint Enterprise Server2016 – 2016
- Microsoft / Microsoft SharePoint Enterprise Server2013 Service Pack 1 – 2013 Service Pack 1
- Microsoft / Microsoft SharePoint Foundation2010 Service Pack 2 – 2010 Service Pack 2
- Microsoft / Microsoft SharePoint Foundation2013 Service Pack 1 – 2013 Service Pack 1
- Microsoft / Microsoft SharePoint Server2019 – 2019