Overview :
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-0893.
Reference Key :
Each reference used in CVE has the following structure:
SOURCE: NAME
-
SOURCE is an alphanumeric keyword.
(Examples: “BUGTRAQ”, “OVAL”, etc.) -
NAME is a single line of ASCII text and can include colons and spaces.
(Examples: “BUGTRAQ: Posting to Bugtraq mailing list”; “OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition”; etc.)
Where possible, the NAME is selected to facilitate searches on a SOURCE’s website. For references that do not have a well-defined identifier, a release date and/or subject header may be included.
Reference Order :
References are typically listed in the order below:
-
Initial announcement
-
Response team advisory
-
Vendor acknowledgement/advisory
-
All other public sources
Mitigations :
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds :
Microsoft has not identified any workarounds for this vulnerability.
FAQ :
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Acknowledgements :
Huynh Phuoc Hung, @hph0var
See acknowledgements for more information.
