Cross-Site Scripting Vulnerability in Microsoft Windows Server and BizTalk Server
CVE-2015-2475

Currently unrated

Key Information:

Vendor: Microsoft
Status: Biztalk Server; Windows Server 2008
Vendor: CVE Published:; 15 August 2015

Summary

The XSS vulnerability found in the UDDI Services component of Microsoft Windows Server 2008 SP2 and various editions of BizTalk Server, including 2010 and 2013, allows remote attackers to exploit the search parameter in 'uddi/search/frames.aspx.' This exploitation enables the injection of arbitrary web scripts or HTML, potentially leading to unauthorized access, data theft, or other malicious actions. Organizations using these versions should take immediate action to patch the vulnerability as detailed in Microsoft's security bulletin MS15-087, to enhance their web application security.

References

http://www.securitytracker.com/id/1033246

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/76259

vdb-entryx_refsource_BID

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 15, 2015
Vulnerability Reserved
Mar 19, 2015