Login Sign Up

CVE-2020-1500

5.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where authenticated attackers can send specially crafted requests to bypass input sanitization. Successful exploitation allows attackers to execute scripts in the victim's security context, potentially reading unauthorized content, modifying permissions, deleting data, or injecting malicious content. Only authenticated users with SharePoint access are affected.

💻 Affected Systems

Products:
  • Microsoft SharePoint Server
Versions: Specific versions not specified in advisory, but typically affects multiple SharePoint Server versions prior to security update
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to SharePoint; affects both on-premises and potentially hybrid deployments

📦 What is this software?

Sharepoint Enterprise Server by Microsoft

View all CVEs affecting Sharepoint Enterprise Server →

Sharepoint Enterprise Server by Microsoft

View all CVEs affecting Sharepoint Enterprise Server →

Sharepoint Server by Microsoft

View all CVEs affecting Sharepoint Server →

Sharepoint Server by Microsoft

View all CVEs affecting Sharepoint Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full control of SharePoint site through victim's credentials, modifies all permissions, deletes critical data, and injects persistent malware affecting all users.

🟠

Likely Case

Attacker steals sensitive documents, modifies permissions for privilege escalation, or injects malicious scripts to capture user credentials.

🟢

If Mitigated

Limited impact due to proper input validation, network segmentation, and least privilege access controls preventing script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and knowledge of SharePoint request structure; no public exploit code known

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security update through Microsoft Update or specific SharePoint cumulative update

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1500

Restart Required: Yes

Instructions:

1. Apply Microsoft security update through Windows Update or download from Microsoft Update Catalog. 2. Restart SharePoint servers. 3. Test SharePoint functionality after patching.

🔧 Temporary Workarounds

Input Validation Enhancement

windows

Implement additional input validation and output encoding for SharePoint web requests

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SharePoint servers from untrusted networks
  • Enforce least privilege access controls and monitor for unusual authenticated user activity

🔍 How to Verify

Check if Vulnerable:

Check SharePoint Server version and compare with patched versions in Microsoft advisory

Check Version:

Get-SPFarm | Select BuildVersion

Verify Fix Applied:

Verify security update is installed via Windows Update history or SharePoint version check

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to SharePoint endpoints
  • Multiple failed authentication attempts followed by successful login with script-like payloads

Network Indicators:

  • HTTP requests containing script tags or encoded payloads to SharePoint URLs
  • Unusual outbound connections from SharePoint servers

SIEM Query:

source="sharepoint" AND (http_method="POST" AND (uri="*_layouts/*" OR uri="*_vti_bin/*") AND (content="<script>" OR content="javascript:"))

📊 Metadata

CVE ID: CVE-2020-1500
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Published: August 17, 2020
Last Updated: February 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON