cvelistv5 - CVE-2012-2552

CVE-2012-2552 (GCVE-0-2012-2552)

Vulnerability from cvelistv5 – Published: 2012-10-09 21:00 – Updated: 2024-08-06 19:34

Summary

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA12-283A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/55783	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS12-070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070"
          },
          {
            "name": "oval:org.mitre.oval:def:15395",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395"
          },
          {
            "name": "TA12-283A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
          },
          {
            "name": "55783",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55783"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"Reflected XSS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS12-070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070"
        },
        {
          "name": "oval:org.mitre.oval:def:15395",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395"
        },
        {
          "name": "TA12-283A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
        },
        {
          "name": "55783",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55783"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-2552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"Reflected XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS12-070",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070"
            },
            {
              "name": "oval:org.mitre.oval:def:15395",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395"
            },
            {
              "name": "TA12-283A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
            },
            {
              "name": "55783",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55783"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2012-2552",
    "datePublished": "2012-10-09T21:00:00",
    "dateReserved": "2012-05-09T00:00:00",
    "dateUpdated": "2024-08-06T19:34:25.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*\", \"matchCriteriaId\": \"6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7E387893-EBA4-448A-9687-400F50A5A2F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*\", \"matchCriteriaId\": \"9916AE10-8EBF-4BB9-885C-1FD0C20ED71C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:x86:*:*:*:*:*\", \"matchCriteriaId\": \"4F8BF453-1436-4031-9774-B3E53B40BB46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"6FE7F16C-CDE0-426C-BFF2-689750CD64CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:x64:*:*:*:*:*\", \"matchCriteriaId\": \"4ADCCD5E-B5BA-4CA7-B37F-D1CBC0998B80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:x86:*:*:*:*:*\", \"matchCriteriaId\": \"9EEB1830-3314-4422-985E-8FEAD8F93B6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"5FA2E5E9-A530-4EBA-863A-322C10EFB82C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"00F271BE-E397-4DAB-894E-EBA5CD7C465F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp2:x86:*:*:*:*:*\", \"matchCriteriaId\": \"A30C7019-68AD-4538-8250-EFDDC4FCBC32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp3:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"21B670E0-E991-4884-9D98-D9A74C95903B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp3:x64:*:*:*:*:*\", \"matchCriteriaId\": \"46B0D444-0B3F-4430-9374-BFA7D5F44726\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp3:x86:*:*:*:*:*\", \"matchCriteriaId\": \"C561C66B-18EB-4926-8FF1-489D1934E5C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2012:-:x64:*:*:*:*:*\", \"matchCriteriaId\": \"A1C39319-B1DC-494B-9688-C25940376A65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2012:-:x86:*:*:*:*:*\", \"matchCriteriaId\": \"9C056337-C632-42A6-A2DE-5E20AD103953\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"377777D4-0649-4732-9E38-E4074056C561\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \\\"Reflected XSS Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de ejecuci\\u00f3n de comandos en sitios cruzados (XSS) en SQL Server Report Manager en Microsoft SQL Server 2000 Reporting Services SP2 y SQL Server 2005 SP4, 2008 SP2 y SP3, 2008 R2 SP1, y 2012, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s a los par\\u00e1metros especificados Es una vulnerabilidad tambi\\u00e9n conocido como \\\"Vulnerabilidad de XSS reflejado\\\".\"}]",
      "id": "CVE-2012-2552",
      "lastModified": "2024-11-21T01:39:13.157",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2012-10-09T21:55:02.957",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/55783\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-283A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/55783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-283A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2552\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2012-10-09T21:55:02.957\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \\\"Reflected XSS Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en SQL Server Report Manager en Microsoft SQL Server 2000 Reporting Services SP2 y SQL Server 2005 SP4, 2008 SP2 y SP3, 2008 R2 SP1, y 2012, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s a los par\u00e1metros especificados Es una vulnerabilidad tambi\u00e9n conocido como \\\"Vulnerabilidad de XSS reflejado\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*\",\"matchCriteriaId\":\"6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7E387893-EBA4-448A-9687-400F50A5A2F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*\",\"matchCriteriaId\":\"9916AE10-8EBF-4BB9-885C-1FD0C20ED71C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:x86:*:*:*:*:*\",\"matchCriteriaId\":\"4F8BF453-1436-4031-9774-B3E53B40BB46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"6FE7F16C-CDE0-426C-BFF2-689750CD64CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:x64:*:*:*:*:*\",\"matchCriteriaId\":\"4ADCCD5E-B5BA-4CA7-B37F-D1CBC0998B80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:x86:*:*:*:*:*\",\"matchCriteriaId\":\"9EEB1830-3314-4422-985E-8FEAD8F93B6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"5FA2E5E9-A530-4EBA-863A-322C10EFB82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"00F271BE-E397-4DAB-894E-EBA5CD7C465F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp2:x86:*:*:*:*:*\",\"matchCriteriaId\":\"A30C7019-68AD-4538-8250-EFDDC4FCBC32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp3:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"21B670E0-E991-4884-9D98-D9A74C95903B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp3:x64:*:*:*:*:*\",\"matchCriteriaId\":\"46B0D444-0B3F-4430-9374-BFA7D5F44726\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp3:x86:*:*:*:*:*\",\"matchCriteriaId\":\"C561C66B-18EB-4926-8FF1-489D1934E5C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2012:-:x64:*:*:*:*:*\",\"matchCriteriaId\":\"A1C39319-B1DC-494B-9688-C25940376A65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2012:-:x86:*:*:*:*:*\",\"matchCriteriaId\":\"9C056337-C632-42A6-A2DE-5E20AD103953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"377777D4-0649-4732-9E38-E4074056C561\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/55783\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-283A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/55783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-283A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2012-2552

Vulnerability from fkie_nvd - Published: 2012-10-09 21:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/55783
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-283A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/55783
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-283A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395

Impacted products

Vendor	Product	Version
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2012
microsoft	sql_server	2012
microsoft	sql_server_reporting_services	2000

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*",
              "matchCriteriaId": "6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*",
              "matchCriteriaId": "7E387893-EBA4-448A-9687-400F50A5A2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*",
              "matchCriteriaId": "9916AE10-8EBF-4BB9-885C-1FD0C20ED71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:x86:*:*:*:*:*",
              "matchCriteriaId": "4F8BF453-1436-4031-9774-B3E53B40BB46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:itanium:*:*:*:*:*",
              "matchCriteriaId": "6FE7F16C-CDE0-426C-BFF2-689750CD64CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "4ADCCD5E-B5BA-4CA7-B37F-D1CBC0998B80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "9EEB1830-3314-4422-985E-8FEAD8F93B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "5FA2E5E9-A530-4EBA-863A-322C10EFB82C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "00F271BE-E397-4DAB-894E-EBA5CD7C465F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "A30C7019-68AD-4538-8250-EFDDC4FCBC32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "21B670E0-E991-4884-9D98-D9A74C95903B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "46B0D444-0B3F-4430-9374-BFA7D5F44726",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp3:x86:*:*:*:*:*",
              "matchCriteriaId": "C561C66B-18EB-4926-8FF1-489D1934E5C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2012:-:x64:*:*:*:*:*",
              "matchCriteriaId": "A1C39319-B1DC-494B-9688-C25940376A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2012:-:x86:*:*:*:*:*",
              "matchCriteriaId": "9C056337-C632-42A6-A2DE-5E20AD103953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"Reflected XSS Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en SQL Server Report Manager en Microsoft SQL Server 2000 Reporting Services SP2 y SQL Server 2005 SP4, 2008 SP2 y SP3, 2008 R2 SP1, y 2012, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s a los par\u00e1metros especificados Es una vulnerabilidad tambi\u00e9n conocido como \"Vulnerabilidad de XSS reflejado\"."
    }
  ],
  "id": "CVE-2012-2552",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-10-09T21:55:02.957",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/55783"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2012-2552

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2552

Aliases

CVE-2012-2552

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2552",
    "description": "Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"Reflected XSS Vulnerability.\"",
    "id": "GSD-2012-2552"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2552"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"Reflected XSS Vulnerability.\"",
      "id": "GSD-2012-2552",
      "modified": "2023-12-13T01:20:16.138653Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2012-2552",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"Reflected XSS Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS12-070",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070"
          },
          {
            "name": "oval:org.mitre.oval:def:15395",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395"
          },
          {
            "name": "TA12-283A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
          },
          {
            "name": "55783",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/55783"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2012:-:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp3:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp3:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp3:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2012:-:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-2552"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"Reflected XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA12-283A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
            },
            {
              "name": "55783",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/55783"
            },
            {
              "name": "oval:org.mitre.oval:def:15395",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395"
            },
            {
              "name": "MS12-070",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T22:03Z",
      "publishedDate": "2012-10-09T21:55Z"
    }
  }
}

CERTA-2012-AVI-560

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité de type injection de code indirecte à distance (XSS) est corrigée dans Microsoft SQL Server sur les systèmes exécutant SQL Server Reporting Services (SSRS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	SQL Server 2008 système 32 bits, x64 et Itanium avec Service Pack 2 et Service Pack 3
Microsoft	N/A	SQL Server 2008 R2 système 32 bits, x64 et Itanium avec Service Pack 1
Microsoft	N/A	SQL Server 2005 système 32 bits, x64 et Itanium Service Pack 4
Microsoft	N/A	SQL Server 2005 Express Edition avec Advanced Services Service Pack 4

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS12-070 du 09 octobre 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SQL Server 2008 syst\u00e8me 32 bits, x64 et Itanium avec Service Pack 2 et Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2008 R2 syst\u00e8me 32 bits, x64 et Itanium avec Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2005 syst\u00e8me 32 bits, x64 et Itanium Service Pack 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2005 Express Edition avec Advanced Services Service Pack 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2552"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-560",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance (XSS)\nest corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft SQL Server\u003c/span\u003e sur\nles syst\u00e8mes ex\u00e9cutant \u003cspan class=\"textit\"\u003eSQL Server Reporting\nServices\u003c/span\u003e (SSRS).\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft SQL Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-070 du 09 octobre 2012",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-070"
    }
  ]
}

CERTA-2012-AVI-560

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité de type injection de code indirecte à distance (XSS) est corrigée dans Microsoft SQL Server sur les systèmes exécutant SQL Server Reporting Services (SSRS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	SQL Server 2008 système 32 bits, x64 et Itanium avec Service Pack 2 et Service Pack 3
Microsoft	N/A	SQL Server 2008 R2 système 32 bits, x64 et Itanium avec Service Pack 1
Microsoft	N/A	SQL Server 2005 système 32 bits, x64 et Itanium Service Pack 4
Microsoft	N/A	SQL Server 2005 Express Edition avec Advanced Services Service Pack 4

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS12-070 du 09 octobre 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SQL Server 2008 syst\u00e8me 32 bits, x64 et Itanium avec Service Pack 2 et Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2008 R2 syst\u00e8me 32 bits, x64 et Itanium avec Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2005 syst\u00e8me 32 bits, x64 et Itanium Service Pack 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2005 Express Edition avec Advanced Services Service Pack 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2552"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-560",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance (XSS)\nest corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft SQL Server\u003c/span\u003e sur\nles syst\u00e8mes ex\u00e9cutant \u003cspan class=\"textit\"\u003eSQL Server Reporting\nServices\u003c/span\u003e (SSRS).\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft SQL Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-070 du 09 octobre 2012",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-070"
    }
  ]
}

GHSA-W5X2-FGV5-G2X7

Vulnerability from github – Published: 2022-05-14 02:35 – Updated: 2022-05-14 02:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-10-09T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"Reflected XSS Vulnerability.\"",
  "id": "GHSA-w5x2-fgv5-g2x7",
  "modified": "2022-05-14T02:35:05Z",
  "published": "2022-05-14T02:35:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2552"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/55783"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2552 (GCVE-0-2012-2552)

FKIE_CVE-2012-2552

GSD-2012-2552

CERTA-2012-AVI-560

Solution

CERTA-2012-AVI-560

Solution

GHSA-W5X2-FGV5-G2X7

Tags

Sightings

Nomenclature