CVE-2020-1100

Description

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft Office SharePoint XSS Vulnerability. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.

Risk Information

Base Score

5.4

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.904

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Office SharePoint XSS Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4484352)	Windows
Microsoft Office SharePoint XSS Vulnerability for 2010 Microsoft Business Productivity Servers (KB4484383)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-28916	Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4484352)
PATCH-28912	Security Update for 2010 Microsoft Business Productivity Servers (KB4484383)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234