Intrusion Prevention

MS.SCOM.Web.Console.XSS

Description

This indicates a possible exploit of a Cross Site Scripting (XSS) vulnerability in Microsoft SCOM web console.
The vulnerability is due to the insufficient sanitizing of input parameters when handling client requests. It may allow remote attackers to execute arbitrary commands in the context of the target user via a crafted request

Affected Products

Microsoft System Center Operations Manager 2007 Service Pack 1
Microsoft System Center Operations Manager 2007 R2

Impact

System Compromise: Remote attackers can execute arbitrary commands.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://technet.microsoft.com/security/bulletin/MS13-003

CVE References

CVE-2013-0010