CVE-2012-2536

Microsoft System Center Configuration Manager - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."

References (4)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA12-255A.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/55430

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062

Scores

EPSS 0.4436

EPSS Percentile 97.5%

Classification

CWE

CWE-79

Status published

Affected Products (3)

microsoft/system_center_configuration_manager

microsoft/systems_management_server

n/a/n/a

Timeline

Published Sep 11, 2012

Tracked Since Feb 18, 2026