CVE-2020-1198

MEDIUM

Description

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198

Details

Source: MITRE

Published: 2020-09-11

Updated: 2020-09-13

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
140521 | Security Updates for Microsoft SharePoint Server 2019 (September 2020) | Nessus | Windows : Microsoft Bulletins | high
140520 | Security Updates for Microsoft SharePoint Server 2016 (September 2020) | Nessus | Windows : Microsoft Bulletins | high
140519 | Security Updates for Microsoft SharePoint Server 2013 (September 2020) | Nessus | Windows : Microsoft Bulletins | high
112585 | Microsoft SharePoint Server 2010 < 14.0.7260.5000 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high
112584 | Microsoft SharePoint Server 2013 < 15.0.5275.1001 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high
112583 | Microsoft SharePoint Server 2019 < 16.0.10366.12106 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high
112582 | Microsoft SharePoint Server 2016 < 16.0.5056.1001 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high