CVE-2020-1106

Published: May 21, 2020Modified: Feb 28, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.

Affected (3)

Products: Microsoft: Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server

3 products

Sharepoint Enterprise Server

Sharepoint Foundation

Sharepoint Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Enterprise Server	Version 2016
Microsoft Sharepoint Foundation	Version 2013 sp1
Microsoft Sharepoint Server	Version 2019

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (5)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106

Source: secure@microsoft.com

PatchVendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106

Source: secure@microsoft.com

ExploitThird Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.