CVE-2020-1318

Summary

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft SharePoint Enterprise Server2016affected
MicrosoftMicrosoft SharePoint Enterprise Server2013 Service Pack 1affected
MicrosoftMicrosoft SharePoint Server2019affected
MicrosoftMicrosoft SharePoint Foundation2010 Service Pack 2affected
MicrosoftMicrosoft SharePoint Foundation2013 Service Pack 1affected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References