What is the severity of CVE-2012-2552?

CVE-2012-2552 is classified as a critical severity vulnerability due to its potential for exploitation via cross-site scripting.

How do I fix CVE-2012-2552?

To fix CVE-2012-2552, apply the latest security updates provided by Microsoft for your affected version of SQL Server.

What versions are affected by CVE-2012-2552?

CVE-2012-2552 affects Microsoft SQL Server versions 2000 SP2, 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012.

What type of vulnerability is CVE-2012-2552?

CVE-2012-2552 is a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary scripts or HTML.

How can CVE-2012-2552 be exploited?

CVE-2012-2552 can be exploited by remote attackers through unspecified parameters that allow script injection into web pages.

Vulnerability/
CVE-2012-2552

medium

4.3

CWE

9/10/2012

6/8/2024

CVE-2012-2552: XSS

First published: Tue Oct 09 2012(Updated: )

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft SQL Server	=2005-sp4
Microsoft SQL Server	=2005-sp4
Microsoft SQL Server	=2005-sp4
Microsoft SQL Server	=2005-sp4
Microsoft SQL Server	=2008-r2_sp1
Microsoft SQL Server	=2008-r2_sp1
Microsoft SQL Server	=2008-r2_sp1
Microsoft SQL Server	=2008-sp2
Microsoft SQL Server	=2008-sp2
Microsoft SQL Server	=2008-sp2
Microsoft SQL Server	=2008-sp3
Microsoft SQL Server	=2008-sp3
Microsoft SQL Server	=2008-sp3
Microsoft SQL Server	=2012
Microsoft SQL Server	=2012
Microsoft SQL Server Reporting Services	=2000-sp2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-2552?
CVE-2012-2552 is classified as a critical severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2012-2552?
To fix CVE-2012-2552, apply the latest security updates provided by Microsoft for your affected version of SQL Server.
What versions are affected by CVE-2012-2552?
CVE-2012-2552 affects Microsoft SQL Server versions 2000 SP2, 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012.
What type of vulnerability is CVE-2012-2552?
CVE-2012-2552 is a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary scripts or HTML.
How can CVE-2012-2552 be exploited?
CVE-2012-2552 can be exploited by remote attackers through unspecified parameters that allow script injection into web pages.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/microsoft
canonical/microsoft sql server
version/microsoft sql server/2005-sp4
version/microsoft sql server/2008-r2_sp1
version/microsoft sql server/2008-sp2
version/microsoft sql server/2008-sp3
version/microsoft sql server/2012
canonical/microsoft sql server reporting services
version/microsoft sql server reporting services/2000-sp2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.