CVE-2020-1451

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to insufficient sanitization of web requests, which can lead to cross-site scripting attacks. An attacker could exploit this by sending a specially crafted web request to the vulnerable server, allowing them to perform actions such as reading unauthorized content, changing permissions, deleting content, and injecting malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server, update to a version that properly sanitizes web requests to prevent cross-site scripting attacks. For Microsoft SharePoint Enterprise Server, apply configuration changes to ensure that web requests are properly sanitized to mitigate the risk of cross-site scripting attacks. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation.