Skip to main content

Microsoft System Center Configuration Manager XSS Vulnerability

Last Update Date: 12 Sep 2012 12:36 Release Date: 12 Sep 2012 4946 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A cross-site scripting (XSS) vulnerability exists in System Center Configuration Manager where code can be injected back to the user in the resulting page, effectively allowing attacker-controlled code to run in the context of the user clicking the link.


Impact

  • Cross-Site Scripting
  • Elevation of Privilege

System / Technologies affected

  • Microsoft Systems Management Server 2003 Service Pack 3
  • Microsoft System Center Configuration Manager 2007 Service Pack 2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link