CVE-2020-0795 in Business Productivity Servers

Summary

by MITRE

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891.


Analysis

by VulDB Data Team • 05/10/2025

CVE-2020-0795 represents a reflective cross-site scripting vulnerability within Microsoft SharePoint Server that stems from inadequate input sanitization mechanisms. This flaw specifically manifests when the affected server processes requests containing maliciously crafted payloads that are subsequently reflected back to users without proper validation or encoding. The vulnerability operates at the application layer and exploits the server's failure to properly sanitize user-supplied input before rendering it in web responses, creating an environment where attacker-controlled content can be executed within the context of a victim's browser session.

The technical implementation of this vulnerability aligns with CWE-79, which categorizes cross-site scripting flaws as weaknesses in input validation and output encoding. Attackers can leverage this weakness by constructing malicious requests that contain script tags or other executable content, which then get processed and reflected back to authenticated users who visit the compromised SharePoint pages. This reflective nature means the malicious code is not stored on the server but rather injected into the response stream during the request processing phase, making it particularly dangerous for environments where administrators and regular users interact with the same SharePoint infrastructure.

The operational impact of CVE-2020-0795 extends beyond simple script execution, as authenticated attackers can potentially escalate privileges and access sensitive data through session hijacking techniques. The vulnerability's authentication requirement means that attackers must first obtain valid credentials, but once achieved, they can leverage this weakness to perform actions within the privileges of the authenticated user. This presents significant risk in enterprise environments where SharePoint servers host confidential documents, user data, and administrative interfaces, as the reflected XSS could enable attackers to steal session cookies, redirect users to malicious sites, or execute commands that compromise the entire SharePoint ecosystem.

From an attack framework perspective, this vulnerability maps to multiple ATT&CK techniques including T1566 for social engineering through malicious content and T1059 for command and script execution. The exploitation process typically involves crafting a malicious URL or form submission that includes JavaScript payloads designed to target specific user groups or roles within the SharePoint environment. Organizations should implement comprehensive mitigations including input validation, output encoding, and regular security updates, while also deploying web application firewalls to detect and block suspicious request patterns. The vulnerability's classification as a reflective XSS underscores the importance of implementing Content Security Policy headers and ensuring proper HTML encoding of all user-supplied content to prevent the execution of malicious scripts in the context of authenticated sessions.
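The output encoding and Content Security Policy mitigations named above, shown as an added example that is not Microsoft's code or part of the original entry: one handler reflects a request parameter unencoded, the other encodes it and sends a nonce-based policy. The URL, the "q" parameter and the function names are assumptions made for illustration and do not describe the affected SharePoint endpoint.

```python
import html
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed sample request; the path and "q" parameter are hypothetical,
# not the SharePoint endpoint affected by this CVE.
SAMPLE_URL = "https://intranet.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E"


def query_value(url, name="q"):
    """Return the first decoded value of a query parameter, or ''."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_unencoded(url):
    """The flawed pattern: request data is concatenated into HTML as-is."""
    term = query_value(url)
    return {}, f'<p>Results for {term}</p><input name="q" value="{term}">'


def render_encoded(url):
    """Same page with output encoding plus a nonce-based CSP."""
    # quote=True also escapes " and ', which matters in the attribute context.
    term = html.escape(query_value(url), quote=True)
    nonce = secrets.token_urlsafe(16)
    headers = {
        # Only scripts carrying this per-response nonce may run; an injected
        # inline script has no nonce and is refused by the browser.
        "Content-Security-Policy":
            f"default-src 'self'; script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'",
        "X-Content-Type-Options": "nosniff",
    }
    body = (f'<p>Results for {term}</p><input name="q" value="{term}">'
            f'<script nonce="{nonce}">/* page script */</script>')
    return headers, body


if __name__ == "__main__":
    for render in (render_unencoded, render_encoded):
        headers, body = render(SAMPLE_URL)
        print(render.__name__, headers.get("Content-Security-Policy"), body, sep="\n")
```

Encoding is the primary control here; the policy header is a second layer that limits what runs if an encoding step is missed somewhere.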
