Description
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Microsoft / Microsoft SharePoint Enterprise Server2016 – 2016
- Microsoft / Microsoft SharePoint Foundation2010 Service Pack 2 – 2010 Service Pack 2
- Microsoft / Microsoft SharePoint Foundation2013 Service Pack 1 – 2013 Service Pack 1
- Microsoft / Microsoft SharePoint Server2019 – 2019