The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft SMS

Vulnerability announcement CVE-2012-2536

Microsoft System Center Configuration Manager, SMS: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Microsoft System Center Configuration Manager (and Microsoft Systems Management Server), in order to execute JavaScript code in the context of the web site.
Impacted products: SCCM, Microsoft SMS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 11/09/2012.
Identifiers: 2741528, BID-55430, CERTA-2012-AVI-495, CVE-2012-2536, MS12-062, VIGILANCE-VUL-11932.

Description of the vulnerability

Microsoft System Center Configuration Manager and Microsoft Systems Management Server offer a web service.

However, these web sites do not filter their parameters before displaying them in generated HTML pages.

An attacker can therefore trigger a Cross Site Scripting in Microsoft System Center Configuration Manager (and Microsoft Systems Management Server), in order to execute JavaScript code in the context of the web site.