CVE-2020-0954

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to the failure to protect the web page structure, allowing for cross-site scripting attacks. An authenticated attacker could exploit this by sending a specially crafted request to an affected server, potentially leading to the execution of script in the context of the current user. This could enable the attacker to read unauthorized content, use the victim's identity to take actions such as changing permissions and deleting content, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server, update to a version that properly sanitizes web requests to prevent cross-site scripting attacks. For Microsoft SharePoint Enterprise Server, apply configuration changes to ensure the protection of the web page structure and prevent exploitation. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation.