CVE-2020-1454

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to insufficient sanitization of web requests in Microsoft SharePoint Server, allowing a remote attacker to conduct cross-site scripting attacks by sending a specially crafted request to the vulnerable server or by visiting a malicious link. This can enable the attacker to view content without proper access rights, use the user's identifier to perform actions on the SharePoint site on their behalf, and inject malicious content into the browser.

Recommendations For Microsoft SharePoint Server, update to a version that properly sanitizes web requests to prevent cross-site scripting attacks. For Microsoft SharePoint Enterprise Server, apply the necessary configuration changes to ensure proper handling of specially crafted requests. As a temporary workaround, consider restricting access to vulnerable components of the SharePoint server until a patch is available. Avoid using links or visiting sites that may contain malicious content until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.