Reflected XSS vulnerability in SQL Server Report Manager| ID: oval:org.secpod.oval:def:7327 | Date: (C)2012-10-12 (M)2023-02-27 |
| Class: VULNERABILITY | Family: windows |
The host is installed with SQL Server 2000 Reporting Services Service or 2005 SP4 or 2008 SP2 or SP3 or 2008 R2 SP1 or 2012 and is prone to reflected XSS vulnerability. A flaw is present in the application, which fails to handle SQL Server Report Manager input parameters. Successful exploitation could allows an attacker to inject a client-side script into the user's instance of Internet Explorer.
| Platform: |
| Microsoft Windows 2000 |
| Microsoft Windows 7 |
| Microsoft Windows Server 2003 |
| Microsoft Windows Server 2008 |
| Microsoft Windows Server 2008 R2 |
| Microsoft Windows Vista |
| Microsoft Windows XP |
| Product: |
| Microsoft SQL Server 2000 Reporting Services |
| Microsoft SQL Server 2005 |
| Microsoft SQL Server 2008 |
| Microsoft SQL Server 2008 R2 |
| Microsoft SQL Server 2012 |
