CVE-2012-2536

Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."

Published: Sep 11, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2536
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / system_center_configuration_manager	2007-sp2	2007-sp2.x
microsoft / systems_management_server	2003-sp2	2003-sp2.x

http://www.securityfocus.com/bid/55430
http://www.us-cert.gov/cas/techalerts/TA12-255A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781

Vulnerability Database

289,697

CVE-2012-2536