MS.SharePoint.Server.ProfNew.Stored.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Microsoft SharePoint Server.
The vulnerability is due to a failure to sanitize specially crafted web requests. A remote, authenticated attacker can exploit this vulnerability by sending maliciously crafted requests to a vulnerable SharePoint server to modify or create a user's profile. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary JavaScript code under the security context of target users.
Affected Products
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0693
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-31 | 16.989 | Name:MS.SharePoint.Server.Stored.XSS:MS.SharePoint.Server.ProfNew.Stored.XSS |
2020-04-09 | 15.814 | Default_action:pass:drop |
2020-04-01 | 15.809 | |