CVE-2020-1456

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server versions prior to the fixed version Microsoft SharePoint Enterprise Server versions prior to the fixed version

Description The issue is related to insufficient sanitization of web requests, allowing an attacker to conduct cross-site scripting attacks by sending a specially crafted web request to the vulnerable server. This could enable the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server versions prior to the fixed version, update to the latest version to resolve the issue. For Microsoft SharePoint Enterprise Server versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to vulnerable API endpoints until a patch is available. Avoid using vulnerable parameters in affected API endpoints until the issue is resolved.