CVE-2020-1103

MEDIUM

Microsoft SharePoint Server - Information Disclosure via Cross-Site Search Attack

Title source: llm
STIX 2.1

Description

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0274
EPSS Percentile 84.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-352
Status published
Products (3)
microsoft/sharepoint_enterprise_server 2016
microsoft/sharepoint_foundation 2013 sp1
microsoft/sharepoint_server 2019
Published May 21, 2020
Tracked Since Feb 18, 2026