CVE-2020-0954: 
vulnerability analysis and mitigation

A cross-site-scripting (XSS) vulnerability (CVE-2020-0954) was identified in Microsoft SharePoint Server, where the server fails to properly sanitize specially crafted web requests. This vulnerability, discovered and disclosed in April 2020, affects multiple versions of Microsoft SharePoint products including SharePoint Enterprise Server 2016, Project Server 2013 SP1, and SharePoint Server 2019 (NVD).

The vulnerability is classified as a Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 5.4 (Medium severity). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. Under CVSS v2.0, it received a base score of 3.5 (Low severity) (NVD).

The vulnerability could allow an attacker to execute cross-site scripting attacks by sending specially crafted web requests to an affected SharePoint server. This could potentially lead to unauthorized information disclosure and integrity compromises, though with limited impact as indicated by the CVSS metrics (NVD).

Microsoft has released security updates to address this vulnerability. The fix is available through the Microsoft Security Response Center, and affected users are advised to apply the appropriate patches (MSRC).