CVE-2020-0893: 
vulnerability analysis and mitigation

A cross-site-scripting (XSS) vulnerability (CVE-2020-0893) exists when Microsoft SharePoint Server does not properly sanitize specially crafted web requests to an affected SharePoint server. This vulnerability was disclosed on March 10, 2020, and affects multiple versions of SharePoint Enterprise Server including 2013 SP1, 2016, and 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates the vulnerability requires low attack complexity, requires low privileges, and needs user interaction. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

If successfully exploited, this vulnerability could allow an attacker to perform cross-site scripting attacks on affected systems. The attacker could potentially execute malicious code in the security context of the current user, potentially leading to unauthorized access to content, execution of malicious code, and impersonation of legitimate users (Microsoft Support).

Microsoft has released security updates to address this vulnerability. The fix involves correcting how SharePoint Server sanitizes web requests. Users are advised to apply the security update KB4484150 for SharePoint Enterprise Server 2013 SP1 and corresponding updates for other affected versions (Microsoft Support).