← Back

CVE-2015-2420

nvd nist
Published: Aug 15, 2015Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability."

Affected (22)

Microsoft
1 product
System Center Operations Manager
Configuration A
22 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
System Center Operations Manager
Version 2012 r2_rollup1
System Center Operations Manager
Version 2012 r2_rollup2
System Center Operations Manager
Version 2012 r2_rollup3
System Center Operations Manager
Version 2012 r2_rollup4
System Center Operations Manager
Version 2012 r2_rollup5
System Center Operations Manager
Version 2012 r2_rollup6
System Center Operations Manager
Version 2012 rollup1
System Center Operations Manager
Version 2012 rollup2
System Center Operations Manager
Version 2012 rollup3
System Center Operations Manager
Version 2012 rollup4
System Center Operations Manager
Version 2012 rollup5
System Center Operations Manager
Version 2012 rollup6
System Center Operations Manager
Version 2012 rollup7
System Center Operations Manager
Version 2012 sp1_rollup1
System Center Operations Manager
Version 2012 sp1_rollup2
System Center Operations Manager
Version 2012 sp1_rollup3
System Center Operations Manager
Version 2012 sp1_rollup4
System Center Operations Manager
Version 2012 sp1_rollup5
System Center Operations Manager
Version 2012 sp1_rollup6
System Center Operations Manager
Version 2012 sp1_rollup7
System Center Operations Manager
Version 2012 sp1_rollup8
System Center Operations Manager
Version 2012 sp1_rollup9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.