Cross-Site Scripting Vulnerability in Microsoft Systems Management Server and System Center
CVE-2012-2536

Currently unrated

Key Information:

Vendor: Microsoft
Status: System Center Configuration Manager; Systems Management Server
Vendor: CVE Published:; 11 September 2012

Summary

A cross-site scripting (XSS) vulnerability exists in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2, which permits remote attackers to inject arbitrary web scripts or HTML into user sessions. This vulnerability may be exploited through unspecified vectors, potentially compromising the security of user data and allowing unauthorized actions on behalf of users.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA12-255A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2012
Vulnerability Reserved
May 9, 2012