CVE-2020-0930: 
vulnerability analysis and mitigation

A cross-site-scripting (XSS) vulnerability (CVE-2020-0930) was identified in Microsoft SharePoint Server. The vulnerability exists when the server fails to properly sanitize specially crafted web requests to affected SharePoint servers. This vulnerability was published on April 15, 2020, and affects multiple versions of SharePoint including SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, and SharePoint Server 2019 (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction. Under CVSS v2.0, it scored 3.5 (LOW) with vector (AV:N/AC:M/Au:S/C:N/I:P/A:N) (NVD).

The vulnerability can lead to cross-site scripting attacks, potentially allowing attackers to execute malicious scripts in the context of the affected SharePoint servers. This could result in unauthorized information disclosure and potential manipulation of web content (NVD).

Microsoft has released security patches to address this vulnerability. Users are advised to apply the security updates available through the Microsoft Security Response Center (MSRC Advisory).