CVE-2016-7251

Summary

Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."

Impact & exploitability

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://www.securityfocus.com/bid/94043
• http://www.securitytracker.com/id/1037250
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136