CVE-2020-0926

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to the failure to properly protect the web page structure, allowing for cross-site scripting attacks. An authenticated attacker could exploit this by sending a specially crafted request to an affected server, potentially leading to the execution of scripts in the context of the current user. This could enable the attacker to read unauthorized content, use the victim's identity to take actions on the site, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server, consider restricting access to sensitive areas of the site until a fix is available. For Microsoft SharePoint Foundation, avoid using specially crafted web requests to affected servers until the issue is resolved. For Microsoft SharePoint Enterprise Server, as a temporary workaround, consider disabling the ability to send specially crafted requests to the server until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.