CVE-2020-0903: 
vulnerability analysis and mitigation

A cross-site-scripting (XSS) vulnerability (CVE-2020-0903) was discovered in Microsoft Exchange Server. The vulnerability exists when Microsoft Exchange Server does not properly sanitize specially crafted web requests to an affected Exchange server. This vulnerability was disclosed on March 12, 2020 and affects various versions of Microsoft Exchange Server (NVD).

The vulnerability is classified as a cross-site scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium severity). The vulnerability has the following vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required privileges, user interaction, and low impact on confidentiality and integrity (NVD).

If exploited, this vulnerability could allow an attacker to perform cross-site scripting attacks by sending specially crafted web requests to the affected Exchange server. The successful exploitation could lead to information disclosure and potential spoofing of user actions (NVD).

Microsoft has released security updates to address this vulnerability. The update corrects how Microsoft Exchange Server sanitizes web requests to prevent XSS attacks (NVD).