CVE-2020-0693: 
vulnerability analysis and mitigation

A cross-site-scripting (XSS) vulnerability (CVE-2020-0693) exists when Microsoft SharePoint Server does not properly sanitize specially crafted web requests to an affected SharePoint server. The vulnerability was disclosed and patched by Microsoft in February 2020, affecting SharePoint Foundation 2013 SP1 and other SharePoint Server versions (MITRE CVE).

The vulnerability is classified as a cross-site scripting (XSS) issue that occurs due to improper sanitization of web requests in SharePoint Server. The vulnerability received a CVSS v3.1 Base Score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that it requires network access, low attack complexity, low privileges, and user interaction (NVD).

The successful exploitation of this vulnerability could allow an attacker to execute cross-site scripting attacks, potentially leading to unauthorized disclosure of information or execution of arbitrary scripts in the context of the affected SharePoint server (MITRE CVE).

Microsoft released security update 4484264 for SharePoint Foundation 2013 SP1 to address this vulnerability. The update can be obtained through Microsoft Update, Microsoft Update Catalog, or the Microsoft Download Center. To apply this security update, users must have the release version of Service Pack 1 for Microsoft SharePoint Foundation 2013 installed (Microsoft Support).