CVE-2020-1102

HIGH

Microsoft SharePoint Enterprise Server - Remote Code Execution via Unchecked Application Package Markup

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-1102. PoCs published by DanielRuf.

AI-analyzed exploit summary This repository provides patches and a minification script for CVE-2020-11022 and CVE-2020-11023, which affect jQuery versions prior to 3.5.0. It includes instructions for applying patches and generating minified versions of jQuery.

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.

Exploits (1)

nomisec WRITEUP 27 stars

by DanielRuf · poc

https://github.com/DanielRuf/snyk-js-jquery-565129

View Code ZIP pw:eip

This repository provides patches and a minification script for CVE-2020-11022 and CVE-2020-11023, which affect jQuery versions prior to 3.5.0. It includes instructions for applying patches and generating minified versions of jQuery.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: jQuery versions prior to 3.5.0

No auth needed

Prerequisites: Node.js for minification script

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102

Scores

CVSS v3 8.8

EPSS 0.1513

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

microsoft/sharepoint_enterprise_server 2016

microsoft/sharepoint_server 2019

Published May 21, 2020

Tracked Since Feb 18, 2026