Cross-Site Scripting Vulnerability in Microsoft SQL Server Reporting Services
CVE-2012-2552

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Sql Server Reporting Services
Vendor: CVE Published:; 9 October 2012

Summary

A cross-site scripting (XSS) vulnerability exists in the SQL Server Report Manager of Microsoft SQL Server versions, which allows remote attackers to inject arbitrary web scripts or HTML through an unspecified parameter. This can potentially facilitate unauthorized access to sensitive information or user sessions, highlighting the critical importance of securing web applications against such vulnerabilities.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA12-283A.html

third-party-advisoryx_refsource_CERT

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 9, 2012
Vulnerability Reserved
May 9, 2012