CVE-2012-2552

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Sql Server Reporting Services
Vendor: CVE Published:; 9 October 2012

Summary

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA12-283A.html

third-party-advisoryx_refsource_CERT

EPSS Score

87% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 9, 2012
Vulnerability Reserved
May 9, 2012

Collectors

NVD DatabaseMitre Database