Vulnerability Details : CVE-2015-1757
Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability."
Vulnerability category: Cross site scripting (XSS), Gain privilege
Products affected by CVE-2015-1757
- cpe:2.3:a:microsoft:active_directory_federation_services:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:active_directory_federation_services:2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1757
Probability of exploitation activity in the next 30 days: 13.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96%
CVSS scores for CVE-2015-1757
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2015-1757
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1757
- http://www.securitytracker.com/id/1032526
  Microsoft Active Directory Federation Services Input Validation Flaw Permits Cross-Site Scripting Attacks - SecurityTracker
- http://www.securityfocus.com/bid/75023
  Microsoft Active Directory Federation Services CVE-2015-1757 Privilege Escalation Vulnerability
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-062
  Microsoft Security Bulletin MS15-062 - Important | Microsoft Docs