CVE-2019-1332

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

1.6%

top 18.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Power BI Report Server Microsoft SQL Server 2017 Reporting Services Microsoft SQL Server 2019 Reporting Services

Timeline

PublishedDec 10

Latest updateMay 24

Description

A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5microsoft/sql_server_2017_reporting_servicesunspecified

▶CVEListV5microsoft/sql_server_2019_reporting_servicesunspecified

▶CVEListV5microsoft/power_bi_report_serverunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hh72-g9hv-8pq3: A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted w↗2022-05-24

▶

CVEList

CVE-2019-1332: A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted w↗2019-12-10

▶

📋Vendor Advisories

Microsoft

Microsoft SQL Server Reporting Services XSS Vulnerability↗2019-12-10

▶