CVE-2020-0973

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to the failure to protect the web page structure, allowing for cross-site scripting attacks. An attacker could exploit this by sending a specially crafted request to the vulnerable SharePoint server, potentially leading to unauthorized actions such as reading restricted content, changing permissions, deleting content, and injecting malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server, update to a version that includes proper sanitization of web requests to prevent cross-site scripting attacks. For Microsoft SharePoint Enterprise Server, apply configuration changes to restrict access to vulnerable components until a patch is available. As a temporary workaround, consider restricting access to the SharePoint site to minimize the risk of exploitation.