Endpoint Vulnerability

Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability

Description

A cross-site scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs. An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server. An attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. This security update addresses the vulnerability by ensuring that ADFS properly sanitizes user inputs.

Affected Products

Windows 10; Windows Server, version 1903 (Server Core installation); Windows Server, version 1909 (Server Core installation); Windows Server 2019

References

CVE-2020-1055