Cross site scripting

2012-10-0921:55:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.846 High

EPSS

Percentile

98.5%

JSON

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka “Reflected XSS Vulnerability.”

CPENameOperatorVersion
sql_servereq2008 r2sp1itanium
sql_servereq2008 sp2-x64
sql_servereq2008 sp3-itanium
sql_servereq2005 sp4-itanium
sql_servereq2005 sp4expressadvancedservices
sql_servereq2005 sp4-x64
sql_servereq2008 sp3-x64
sql_servereq2012 x86
sql_servereq2012 x64
sql_servereq2008 r2sp1x86

Name	Operator	Version
sql_server	eq	2008 r2sp1itanium
sql_server	eq	2008 sp2-x64
sql_server	eq	2008 sp3-itanium
sql_server	eq	2005 sp4-itanium
sql_server	eq	2005 sp4expressadvancedservices
sql_server	eq	2005 sp4-x64
sql_server	eq	2008 sp3-x64
sql_server	eq	2012 x86
sql_server	eq	2012 x64
sql_server	eq	2008 r2sp1x86