SharePoint Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2020-1103
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page the attacker can through standard browser functionality induce the browser to invoke search queries as the logged in user aka 39Microsoft SharePoint Information Disclosure Vulnerability39.
