Cross-Site Scripting Vulnerability in Microsoft Active Directory Federation Services
CVE-2015-1757

Currently unrated

Key Information:

Vendor: Microsoft
Status: Active Directory Federation Services
Vendor: CVE Published:; 10 June 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the Active Directory Federation Services (AD FS) web component within Microsoft Windows Server 2008 SP2, R2 SP1, and Server 2012. This flaw allows remote attackers to exploit the wct parameter, enabling them to inject arbitrary web scripts or HTML into the application. This vulnerability can lead to unauthorized actions taken on behalf of users, making it critical for organizations to apply security updates and implement measures to protect their systems against such exploits.

References

http://www.securityfocus.com/bid/75023

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032526

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2015
Vulnerability Reserved
Feb 17, 2015