CVE-2019-1453 — Cross-site Scripting in Microsoft Windows

CWE-79 — Cross-site Scripting20 documents9 sources

Severity

7.5HIGHNVD

EPSS

10.0%

top 6.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems +9 more

Timeline

PublishedDec 10

Latest updateMay 24

Description

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1909_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1909_for_x64-based_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3w89-xp68-5ffh: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially↗2022-05-24

▶

CVEList

CVE-2019-1453: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially↗2019-12-10

▶

📋Vendor Advisories

Microsoft

Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability↗2019-12-10

▶

Red Hat

jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)↗2019-08-28

▶