Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability - CVE-2020-1055ID: oval:org.secpod.oval:def:63093 | Date: (C)2020-05-13 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs. An un-authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server.The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user.This security update addresses the vulnerability by ensuring that ADFS properly sanitizes user inputs.
Platform: |
Microsoft Windows Server |
Microsoft Windows 10 |
Microsoft Windows Server 2019 |