CVE-2020-0891
published 2020-03-12CVE-2020-0891: This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | business_productivity_servers | — | — |
| microsoft | microsoft_sharepoint_enterprise_server | — | — |
| microsoft | microsoft_sharepoint_foundation | — | — |
| microsoft | microsoft_sharepoint_foundation | — | — |
| microsoft | microsoft_sharepoint_server | — | — |
| microsoft | sharepoint_enterprise_server | — | — |
| microsoft | sharepoint_foundation | — | — |
| microsoft | sharepoint_foundation | — | — |
| microsoft | sharepoint_server | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2016 | — | — |
| msrc | microsoft_sharepoint_foundation_2010_service_pack_2 | — | — |
| msrc | microsoft_sharepoint_foundation_2013_service_pack_1 | — | — |
| msrc | microsoft_sharepoint_server_2019 | — | — |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv5.5MEDIUM