CVE-2015-1757

2015-06-1001:59:29

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-1757

cross-site scripting

xss

ad fs

active directory federation services

elevation of privilege

nvd

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.055 Low

EPSS

Percentile

93.2%

JSON

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka “ADFS XSS Elevation of Privilege Vulnerability.”

Affected configurations

NVD

Node

microsoftactive_directory_federation_servicesMatch2.0

microsoftactive_directory_federation_servicesMatch2.1

CPENameOperatorVersion
microsoft:active_directory_federation_servicesmicrosoft active directory federation serviceseq2.0
microsoft:active_directory_federation_servicesmicrosoft active directory federation serviceseq2.1

CPE	Name	Operator	Version
microsoft:active_directory_federation_services	microsoft active directory federation services	eq	2.0
microsoft:active_directory_federation_services	microsoft active directory federation services	eq	2.1