Home

CVE-2015-1757

Description

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka ADFS XSS Elevation of Privilege Vulnerability.

Risk Information

Base Score
5.4
MODERATE
Vector
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
10.694

Associated Vulnerability

VulnerabilityOS Platform
ms15-062: vulnerability in active directory federation services could allow elevation of privilege: june 9, 2015 for Windows Server 2008 (KB3062577)Windows
ms15-062: vulnerability in active directory federation services could allow elevation of privilege: june 9, 2015 for Windows Server 2008 x64 Edition (KB3062577)Windows
ms15-062: vulnerability in active directory federation services could allow elevation of privilege: june 9, 2015 for Windows Server 2008 R2 x64 Edition (KB3062577)Windows
ms15-062: vulnerability in active directory federation services could allow elevation of privilege: june 9, 2015 for Windows Server 2012 (KB3062577)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-17975Security Update for Windows Server 2008 (KB3062577)
PATCH-17976Security Update for Windows Server 2008 x64 Edition (KB3062577)
PATCH-17977Security Update for Windows Server 2008 R2 x64 Edition (KB3062577)
PATCH-17978Security Update for Windows Server 2012 (KB3062577)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234