CVE-2020-0795: 
vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability exists in Microsoft SharePoint Server when it does not properly sanitize specially crafted requests to an affected SharePoint server. This vulnerability, identified as CVE-2020-0795, was disclosed in March 2020 and affects various versions of Microsoft SharePoint Server (NIST NVD).

The vulnerability is classified as a Reflective XSS vulnerability with a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The issue stems from improper sanitization of user input in SharePoint Server, which could allow malicious script execution in the context of the user's browser (NIST NVD).

An authenticated attacker who successfully exploits this vulnerability could perform cross-site scripting attacks by sending specially crafted requests to an affected SharePoint server. This could potentially allow the attacker to execute scripts in the context of the user's session (NIST NVD).

Microsoft released security updates to address this vulnerability in March 2020. The patches are available through the Microsoft Update service and can be installed via Windows Update. The security update addresses the vulnerability by correcting how SharePoint Server sanitizes user input (Microsoft Support).