CVE-2020-0891

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description This issue is caused by the failure of SharePoint Server to properly sanitize a specially crafted request, allowing an authenticated attacker to exploit it by sending a crafted request to an affected server. The attacker could then perform cross-site scripting attacks on affected systems, running scripts in the security context of the current user. These attacks could allow the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, such as changing permissions, deleting content, stealing sensitive information, and injecting malicious content in the victim's browser.

Recommendations As a temporary workaround, consider disabling the functionality that allows specially crafted requests to be processed by the SharePoint server until a patch is available. Restrict access to the affected SharePoint servers to minimize the risk of exploitation. Avoid using the affected SharePoint servers for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.