A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server

 

Overview :
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-0893.

Reference Key

Each reference used in CVE has the following structure:

SOURCE: NAME

  • SOURCE is an alphanumeric keyword.
    (Examples: “BUGTRAQ”, “OVAL”, etc.)
  • NAME is a single line of ASCII text and can include colons and spaces.
    (Examples: “BUGTRAQ: Posting to Bugtraq mailing list”; “OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition”; etc.)

Where possible, the NAME is selected to facilitate searches on a SOURCE’s website. For references that do not have a well-defined identifier, a release date and/or subject header may be included.

Reference Order

References are typically listed in the order below:

  • Initial announcement
  • Response team advisory
  • Vendor acknowledgement/advisory
  • All other public sources

 

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

FAQ

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Acknowledgements

Huynh Phuoc Hung,  @hph0var

See acknowledgements for more information.