CVE-2020-1099

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to the failure to protect the web page structure, which can lead to a cross-site scripting attack. An authenticated attacker could exploit this by sending a specially crafted request to an affected server, allowing them to perform cross-site scripting attacks, read unauthorized content, use the victim's identity to take actions on the site, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server, update to a version that properly sanitizes web requests to prevent cross-site scripting attacks. For Microsoft SharePoint Enterprise Server, apply security measures to protect against specially crafted requests that could lead to cross-site scripting attacks. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation.