Cross-Site Scripting Vulnerability in Microsoft Active Directory Federation Services
CVE-2015-1757

Currently unrated

Key Information:

Vendor

Microsoft
Status
Active Directory Federation Services
Vendor
CVE Published:
10 June 2015

What is CVE-2015-1757?

A cross-site scripting (XSS) vulnerability exists in the Active Directory Federation Services (AD FS) web component within Microsoft Windows Server 2008 SP2, R2 SP1, and Server 2012. This flaw allows remote attackers to exploit the wct parameter, enabling them to inject arbitrary web scripts or HTML into the application. This vulnerability can lead to unauthorized actions taken on behalf of users, making it critical for organizations to apply security updates and implement measures to protect their systems against such exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/75023
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1032526
vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.