vulnerability

Microsoft CVE-2020-1099: Microsoft Office SharePoint XSS Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	May 12, 2020	May 12, 2020	Aug 12, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

May 12, 2020

Added

May 12, 2020

Modified

Aug 12, 2025

Description

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106.

Solutions

msft-kb4484332-b6ef9652-01db-4003-a9af-b074b8bde546msft-kb4484336-2afa45ff-64b4-4c9a-adc9-1dc95db9b609

References

CVE-2020-1099
https://attackerkb.com/topics/CVE-2020-1099
CWE-79

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report