Lucene search

[email protected]CVE-2012-2552

HistoryOct 09, 2012 - 9:55 p.m.

CVE-2012-2552

2012-10-0921:55:02

CWE-79

[email protected]

web.nvd.nist.gov

226

sql server

report manager

xss

vulnerability

remote attackers

web script

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.846 High

EPSS

Percentile

98.5%

JSON

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka “Reflected XSS Vulnerability.”

Affected configurations

NVD

Node

microsoftsql_serverMatch2005sp4express_advanced_services

microsoftsql_serverMatch2005sp4itanium

microsoftsql_serverMatch2005sp4x64

microsoftsql_serverMatch2005sp4x86

microsoftsql_serverMatch2008r2_sp1itanium

microsoftsql_serverMatch2008r2_sp1x64

microsoftsql_serverMatch2008r2_sp1x86

microsoftsql_serverMatch2008sp2itanium

microsoftsql_serverMatch2008sp2x64

microsoftsql_serverMatch2008sp2x86

microsoftsql_serverMatch2008sp3itanium

microsoftsql_serverMatch2008sp3x64

microsoftsql_serverMatch2008sp3x86

microsoftsql_serverMatch2012-x64

microsoftsql_serverMatch2012-x86

microsoftsql_server_reporting_servicesMatch2000sp2

CPENameOperatorVersion
microsoft:sql_servermicrosoft sql servereq2005
microsoft:sql_servermicrosoft sql servereq2008
microsoft:sql_servermicrosoft sql servereq2012
microsoft:sql_server_reporting_servicesmicrosoft sql server reporting serviceseq2000

CPE	Name	Operator	Version
microsoft:sql_server	microsoft sql server	eq	2005
microsoft:sql_server	microsoft sql server	eq	2008
microsoft:sql_server	microsoft sql server	eq	2012
microsoft:sql_server_reporting_services	microsoft sql server reporting services	eq	2000