CVE-2015-1757

Currently unrated

Key Information:

Vendor: Microsoft
Status: Active Directory Federation Services
Vendor: CVE Published:; 10 June 2015

Summary

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability."

References

http://www.securityfocus.com/bid/75023

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032526

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2015
Vulnerability Reserved
Feb 17, 2015

Collectors

NVD DatabaseMitre Database