Cross-Site Scripting Vulnerability in Microsoft System Center Operations Manager
CVE-2013-0010

Currently unrated

Key Information:

Vendor: Microsoft
Status: System Center Operations Manager
Vendor: CVE Published:; 9 January 2013

What is CVE-2013-0010?

A cross-site scripting (XSS) vulnerability exists in Microsoft System Center Operations Manager 2007 SP1 and R2, permitting remote attackers to inject arbitrary web scripts or HTML through specially crafted input. This vulnerability can be exploited to execute malicious scripts in users' browsers, which may lead to unauthorized access to sensitive information or the execution of unwanted actions within the context of the user session. It highlights the importance of securing web interfaces against user input manipulations.

References

http://www.us-cert.gov/cas/techalerts/TA13-008A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

24% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2013
Vulnerability Reserved
Nov 27, 2012