XSS in Microsoft Sql_server

CVE-2014-1820

Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Ser…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.214 (95.8th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sql_server — versions 2012, 2014
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

60676 (x_refsource_SECUNIA, third-party-advisory)
1030716 (vdb-entry, x_refsource_SECTRACK)
MS14-044 (x_refsource_MS, vendor-advisory)
69071 (vdb-entry, x_refsource_BID)