CVE-2019-1332

Published: Dec 10, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.

Vendor	Product	Versions
Microsoft	SQL Server 2017 Reporting Services	affected `unspecified`
Microsoft	Power BI Report Server	affected `unspecified`
Microsoft	SQL Server 2019 Reporting Services	affected `unspecified`

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332

x_refsource_MISC

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-1332

Description

Affected Products

References