What is CVE-2012-2552?

CVE-2012-2552 is a vulnerability in Microsoft Sql_server, classified under Cross-site Scripting. Published 2012-10-09.

Is CVE-2012-2552 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Microsoft Sql_server

CVE-2012-2552

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.444 (97.6th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sql_server — versions 2005, 2008, 2012
Microsoft Sql_server_reporting_services — versions 2000
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

bzuracyber/Azure-Compliance-as-Code-Pipeline

References

MS12-070 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:15395 (x_refsource_OVAL, signature, vdb-entry)
TA12-283A (US Government Resource, x_refsource_CERT, third-party-advisory)
55783 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2012-2552?: CVE-2012-2552 is a vulnerability in Microsoft Sql_server, classified under Cross-site Scripting. Published 2012-10-09.
Is CVE-2012-2552 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.