CVE-2019-1332

Description

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka Microsoft SQL Server Reporting Services XSS Vulnerability.

Risk Information

Base Score: 6.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 1.932

Associated Vulnerability

Vulnerability | OS Platform
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2016 SP2 CU11 (KB4535706) 64 bit | Windows
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability for SQL Server 2016 SP2 (KB4532097) | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-28431 | Security Update for SQL Server 2016 SP2 CU11 (KB4535706) 64 bit
PATCH-28432 | Security Update for SQL Server 2016 SP2 (KB4532097)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234