CVE-2020-1198

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description: A cross-site-scripting (XSS) issue exists due to the improper sanitization of specially crafted web requests. This could allow an authenticated attacker to perform cross-site scripting attacks, potentially enabling them to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser.

Recommendations: As a temporary workaround, consider restricting access to vulnerable components of Microsoft SharePoint Server until a patch is available. Apply the security update to ensure that SharePoint Server properly sanitizes web requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.