CVE-2020-1055

Summary

A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows10 Version 1809 for 32-bit Systemsaffected
MicrosoftWindows10 Version 1809 for x64-based Systemsaffected
MicrosoftWindows10 Version 1809 for ARM64-based Systemsaffected
MicrosoftWindows Server2019affected
MicrosoftWindows Server2019 (Core installation)affected
MicrosoftWindows 10 Version 1909 for 32-bit Systemsunspecifiedaffected
MicrosoftWindows 10 Version 1909 for x64-based Systemsunspecifiedaffected
MicrosoftWindows 10 Version 1909 for ARM64-based Systemsunspecifiedaffected
MicrosoftWindows Server, version 1909 (Server Core installation)unspecifiedaffected
MicrosoftWindows 10 Version 1903 for 32-bit Systemsunspecifiedaffected
MicrosoftWindows 10 Version 1903 for x64-based Systemsunspecifiedaffected
MicrosoftWindows 10 Version 1903 for ARM64-based Systemsunspecifiedaffected
MicrosoftWindows Server, version 1903 (Server Core installation)unspecifiedaffected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References