Microsoft Active Directory Federation Services CVE-2020-1055 Cross-Site Scripting Vulnerability

description-logoDescription

A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs. An un-authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. This security update addresses the vulnerability by ensuring that ADFS properly sanitizes user inputs.

affected-products-logoAffected Applications

Windows 10
Windows Server version 1903 (Server Core installation)
Windows Server version 1909 (Server Core installation)
Windows Server 2019

CVE References

CVE-2020-1055