Vulnerability Details CVE-2019-1332
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332
Products affected by CVE-2019-1332
-
cpe:2.3:a:microsoft:power_bi_report_server:-
-
cpe:2.3:a:microsoft:sql_server_2017_reporting_services:-
-
cpe:2.3:a:microsoft:sql_server_2019_reporting_services:-