New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 3.8
SynopsisThe remote Windows host contains a web control that could allow information disclosure.
DescriptionThe installed version of the Microsoft Report Viewer control fails to properly validate parameters within a data source, which results in a reflected (or non-persistent) cross-site scripting vulnerability.
If an attacker can trick a user into clicking on a link to a malicious server, he could inject a client-side script in the user's browser that in turn could be used to spoof content or disclose sensitive information.
SolutionMicrosoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package.