CVE-2020-1104

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to the failure to protect the web page structure, allowing for a spoofing vulnerability. An authenticated attacker could exploit this by sending a specially crafted request to an affected server. Successful exploitation could lead to cross-site scripting attacks, allowing the attacker to read unauthorized content, use the victim's identity to take actions on the site, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server, consider restricting access to specially crafted web requests until a patch is available. For Microsoft SharePoint Foundation, restrict access to vulnerable web pages to minimize the risk of exploitation. For Microsoft SharePoint Enterprise Server, as a temporary workaround, consider disabling the ability to send specially crafted requests to the server until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.