CVE-2020-0894: 
vulnerability analysis and mitigation

A cross-site-scripting (XSS) vulnerability exists in Microsoft SharePoint Server when it fails to properly sanitize specially crafted web requests to affected SharePoint servers (CVE-2020-0894). This vulnerability was disclosed on March 10, 2020, affecting multiple versions of SharePoint Server including SharePoint Enterprise Server 2016, SharePoint Foundation 2010 SP2, SharePoint Foundation 2013 SP1, and SharePoint Server 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with impacts to confidentiality and integrity but not availability (NVD).

If successfully exploited, this XSS vulnerability could allow an attacker to execute malicious scripts in the context of the user's browser session. This could enable the attacker to read content they are not authorized to access, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as changing permissions and deleting content (Microsoft Support).

Microsoft has released security updates to address this vulnerability. The fix ensures that SharePoint Server properly sanitizes user inputs. System administrators should apply the relevant security updates for their specific SharePoint versions through Microsoft Update or by downloading the standalone update package (Microsoft Support).