HTTP: Microsoft Visual Studio Team Web Access Console Cross Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability in the Microsoft Visual Studio Team Web Access console. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."

Affected Products

Microsoft visual_studio_team_foundation_server

References

CVE: CVE-2012-1892

Short Name
HTTP:XSS:MS-VSTWAC-TFS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Access CVE-2012-1892 Console Cross Microsoft Scripting Site Studio Team Visual Web
Release Date
09/10/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Microsoft

CVSS Score

4.3

Found a potential security threat?