CVE-2013-0009

Опубликовано: 09 янв. 2013

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.

Ссылки

http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15760
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15760

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:system_center_operations_manager:2007:r2:*:*:*:*:*:*

cpe:2.3:a:microsoft:system_center_operations_manager:2007:sp1:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.24926

Средний

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-q5jv-7j7q-rggq

github

почти 4 года назад