Skip to main content

Microsoft Report Viewer Controls XSS Vulnerability

Last Update Date: 10 Aug 2011 12:26 Release Date: 10 Aug 2011 6403 Views

RISK: Medium Risk

TYPE: Operating Systems - Application Platforms

TYPE: Application Platforms

An information disclosure vulnerability exists in the way that the Microsoft Report Viewer control improperly validates parameters within a data source. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser. The script could then be used to spoof content or disclose sensitive information. Note that this vulnerability would not allow an attacker to execute code outside of the browser or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.


Impact

  • Cross-Site Scripting

System / Technologies affected

  • Microsoft Visual Studio 2005
  • Microsoft Report Viewer 2005

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 


Vulnerability Identifier


Source


Related Link