CVE-2020-0923: 
vulnerability analysis and mitigation

CVE-2020-0923 is a cross-site-scripting (XSS) vulnerability that affects Microsoft SharePoint Server. The vulnerability was disclosed on April 15, 2020, and occurs when the server fails to properly sanitize specially crafted web requests to affected SharePoint servers. This vulnerability is also known as 'Microsoft Office SharePoint XSS Vulnerability' (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Under CVSS v2.0, it received a base score of 3.5 (Low severity). The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The vulnerability affects multiple versions of Microsoft SharePoint products, including SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, and SharePoint Server 2019. If exploited, this XSS vulnerability could allow an attacker to execute malicious scripts in the context of the user's browser session (NVD).

Microsoft has released security patches to address this vulnerability. Users are advised to apply the appropriate security updates through the Microsoft Security Response Center (MSRC).