CVE-2020-0925: 
vulnerability analysis and mitigation

A cross-site-scripting (XSS) vulnerability identified as CVE-2020-0925 exists in Microsoft SharePoint Server when the server fails to properly sanitize specially crafted web requests. This vulnerability was disclosed and patched as part of Microsoft's April 14, 2020 security updates (Microsoft Support).

The vulnerability is classified as a cross-site scripting (XSS) issue that occurs when Microsoft SharePoint Server does not properly sanitize specially crafted web requests sent to an affected SharePoint server. The vulnerability requires user interaction and limited privileges for exploitation (NVD).

If successfully exploited, this vulnerability could allow an attacker to perform cross-site scripting attacks against SharePoint Server users. The impact is limited to information disclosure and potential manipulation of user content within the SharePoint environment (Microsoft Support).

Microsoft has released security updates to address this vulnerability. The fix is included in the April 14, 2020 security updates for affected SharePoint versions. Organizations should apply the security update KB4484292 for SharePoint Server 2019 or corresponding updates for other affected versions (Microsoft Support).