What is CVE-2016-7251?

CVE-2016-7251 is a medium-severity vulnerability in Microsoft Sql_server, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-11-10.

How severe is CVE-2016-7251?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Microsoft Sql_server

CVE-2016-7251

Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.076 (92.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Microsoft Sql_server — versions 2016
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

1037250 (vdb-entry, x_refsource_SECTRACK)
94043 (vdb-entry, x_refsource_BID)
MS16-136 (x_refsource_MS, vendor-advisory)

Frequently asked questions

What is CVE-2016-7251?: CVE-2016-7251 is a medium-severity vulnerability in Microsoft Sql_server, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-11-10.
How severe is CVE-2016-7251?: Medium severity. CVSS v3 base score is 6.1 out of 10.