Description
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Microsoft / Windows10 Version 1809 for 32-bit Systems – 10 Version 1809 for 32-bit Systems
- Microsoft / Windows10 Version 1809 for x64-based Systems – 10 Version 1809 for x64-based Systems
- Microsoft / Windows10 Version 1809 for ARM64-based Systems – 10 Version 1809 for ARM64-based Systems
- Microsoft / Windows 10 Version 1903 for 32-bit Systemsunspecified – unspecified
- Microsoft / Windows 10 Version 1903 for ARM64-based Systemsunspecified – unspecified
- Microsoft / Windows 10 Version 1903 for x64-based Systemsunspecified – unspecified
- Microsoft / Windows 10 Version 1909 for 32-bit Systemsunspecified – unspecified
- Microsoft / Windows 10 Version 1909 for ARM64-based Systemsunspecified – unspecified
- Microsoft / Windows 10 Version 1909 for x64-based Systemsunspecified – unspecified
- Microsoft / Windows Server2019 (Core installation) – 2019 (Core installation)
- Microsoft / Windows Server2019 – 2019
- Microsoft / Windows Server, version 1903 (Server Core installation)unspecified – unspecified
- Microsoft / Windows Server, version 1909 (Server Core installation)unspecified – unspecified