CVE-2020-0891: 
vulnerability analysis and mitigation

CVE-2020-0891 is a Reflective Cross-Site Scripting (XSS) vulnerability in Microsoft SharePoint Server. The vulnerability exists when SharePoint Server fails to properly sanitize specially crafted requests to an affected SharePoint server. This vulnerability was disclosed on March 10, 2020, and affects multiple versions of SharePoint Server including SharePoint Enterprise Server 2016, SharePoint Foundation 2010 SP2, SharePoint Foundation 2013 SP1, and SharePoint Server 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) (NVD).

If successfully exploited, an authenticated attacker could perform cross-site scripting attacks by sending specially crafted requests to an affected SharePoint server. This could potentially lead to unauthorized information disclosure and integrity impacts, though no availability impact has been noted (NVD).

Microsoft has released security updates to address this vulnerability. The patches are available through the March 2020 security updates for affected SharePoint Server versions. The update addresses the vulnerability by ensuring proper sanitization of specially crafted requests (Microsoft Support).