This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft sharepoint foundation 2010 |
||
microsoft sharepoint foundation 2013 |
||
microsoft sharepoint enterprise server 2016 |
||
microsoft sharepoint server 2019 |
This month the vendor has patched 115 vulnerabilities, 25 of which are rated Critical.
Posted: 11 Mar, 202028 Min ReadThreat Intelligence SubscribeMicrosoft Patch Tuesday – March 2020This month the vendor has patched 115 vulnerabilities, 25 of which are rated Critical.As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid handling files from unknown or questionabl...
Hefty Patch Tuesday covers critical Word, Dynamics bugs, and more
Updated Microsoft has emitted more than 100 fixes in its March batch of security updates. The Patch Tuesday release includes 115-CVE listed flaws, including 26 classified as critical security risks. None of the flaws have previously been disclosed or exploited in the wild. One particularly nasty remote-code execution hole revealed this week lies within SMBv3. "An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client," ...
Hefty Patch Tuesday covers critical Word, Dynamics bugs, and more
Updated Microsoft has emitted more than 100 fixes in its March batch of security updates. The Patch Tuesday release includes 115-CVE listed flaws, including 26 classified as critical security risks. None of the flaws have previously been disclosed or exploited in the wild. One particularly nasty remote-code execution hole revealed this week lies within SMBv3. "An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client," ...