The vulnerability of Microsoft SharePoint Server and Microsoft SharePoint Enterprise Server stems from the lack of protective measures for website structures. This allows attackers to execute cross-site scripting attacks and execute arbitrary code in the context of the current user.

🗓️ 12 Mar 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

SharePoint servers lack protection for website structures, enabling cross-site scripting.

Reporter	Title	Published	Views	Family All 24
Circl	CVE-2020-0693	28 Feb 202520:27	–	circl
CNVD	Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-10480)	17 Feb 202000:00	–	cnvd
Check Point Advisories	Microsoft SharePoint Server Stored Cross Site Scripting (CVE-2020-0693)	7 Apr 202000:00	–	checkpoint_advisories
CVE	CVE-2020-0693	11 Feb 202021:23	–	cve
Cvelist	CVE-2020-0693	11 Feb 202021:23	–	cvelist
EUVD	EUVD-2020-2186	7 Oct 202500:30	–	euvd
Microsoft KB	Description of the security update for SharePoint Enterprise Server 2016: February 11, 2020	11 Feb 202008:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Server 2019: February 11, 2020	11 Feb 202008:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Foundation 2013: February 11, 2020	11 Feb 202008:00	–	mskb
Kaspersky	KLA11663 Multiple vulnerabilities in Microsoft Office	11 Feb 202000:00	–	kaspersky

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0693;
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-0693
web	www.web.nvd.nist.gov/view/vuln/detail

12 Mar 2020 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 24.9

CVSS 35.4

EPSS0.00586

SharePoint Server SharePoint Enterprise Server cross-site scripting arbitrary code website protection website structures