CVE-2020-1103
MEDIUMMicrosoft SharePoint Server - Information Disclosure via Cross-Site Search Attack
Title source: llmDescription
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103
Scores
CVSS v3
6.5
EPSS
0.0274
EPSS Percentile
84.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-352
Status
published
Products (3)
microsoft/sharepoint_enterprise_server
2016
microsoft/sharepoint_foundation
2013 sp1
microsoft/sharepoint_server
2019
Published
May 21, 2020
Tracked Since
Feb 18, 2026