CVE-2019-1332
N/A
N/A
Summary
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | SQL Server 2017 Reporting Services | unspecified | affected |
| Microsoft | Power BI Report Server | unspecified | affected |
| Microsoft | SQL Server 2019 Reporting Services | unspecified | affected |
Weaknesses
- Spoofing
ADP Enrichment
CVE Program Container
Additional References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.