CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-2552

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.577

EPSS Ranking 98.0%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.securityfocus.com/bid/55783
http://www.us-cert.gov/cas/techalerts/TA12-283A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395
http://www.securityfocus.com/bid/55783
http://www.us-cert.gov/cas/techalerts/TA12-283A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15395

Products affected by CVE-2012-2552

Microsoft » Sql Server » Version: 2005

cpe:2.3:a:microsoft:sql_server:2005
Microsoft » Sql Server » Version: 2008

cpe:2.3:a:microsoft:sql_server:2008
Microsoft » Sql Server » Version: 2012

cpe:2.3:a:microsoft:sql_server:2012
Microsoft » Sql Server Reporting Services » Version: 2000

cpe:2.3:a:microsoft:sql_server_reporting_services:2000

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-2552

Products

Pricing

Contact Us