CVE-2020-0927: 
vulnerability analysis and mitigation

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize specially crafted web requests to affected SharePoint servers, identified as CVE-2020-0927. This vulnerability was disclosed on April 15, 2020, and is also known as 'Microsoft Office SharePoint XSS Vulnerability'. The affected systems include Microsoft SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, and SharePoint Server 2019 (NVD, CVE).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 Base Score of 5.4 (MEDIUM). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The vulnerability has a lower CVSS v2.0 score of 3.5 (LOW) (NVD).

The successful exploitation of this vulnerability could allow an attacker to perform cross-site scripting attacks, potentially leading to unauthorized disclosure of information and manipulation of web content. The impact is considered moderate with low confidentiality and integrity impact, while there is no impact on system availability (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate patches through Microsoft's security advisory (MSRC Advisory).