Vulnerability Description
Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka "UDDI Services Elevation of Privilege Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Biztalk Server | 2010 |
| Microsoft | Windows Server 2008 | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/76259
- http://www.securitytracker.com/id/1033246
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-08
- http://www.securityfocus.com/bid/76259
- http://www.securitytracker.com/id/1033246
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-08
FAQ
What is CVE-2015-2475?
CVE-2015-2475 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote at...
How severe is CVE-2015-2475?
CVE-2015-2475 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2475?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Biztalk Server, Microsoft Windows Server 2008.