Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER script tag in URI - likely cross-site scripting attempt

Rule Explanation

Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability." Impact: CVSS base score 4.3 CVSS impact score 2.9 CVSS exploitability score 8.6 confidentialityImpact NONE integrityImpact PARTIAL availabilityImpact PARTIAL Details: Ease of Attack:

What To Look For

This rule alerts when a script tag is present in a URI.

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].

MITRE ATT&CK Framework

Tactic: Defense Evasion

Technique: Web Service

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

Cross Site Scripting (XSS)

Cross Site Scripting (XSS) attackers send malicious input to a site that does not validate the input, usually in the form of a script. The application sends the malicious code to the browsers of other users, which will execute the script unknowingly. The malicious code uses the trust of the host website to access cookies, session tokens, or other sensitive information. There are multiple types of XSS, including Stored, Reflected, and DOM based.

CVE Additional Information

CVE-2012-1857
Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
Details
SeverityMEDIUM Base Score4.3
Impact Score2.9 Exploit Score8.6
Confidentiality ImpactNONE Integrity ImpactPARTIAL
Availability ImpactNONE Access Vector
AuthenticationNONE Ease of Access
CVE-2015-1653
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
Details
SeverityMEDIUM Base Score4.3
Impact Score2.9 Exploit Score8.6
Confidentiality ImpactNONE Integrity ImpactPARTIAL
Availability ImpactNONE Access Vector
AuthenticationNONE Ease of Access
CVE-2014-4075
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."
Details
SeverityMEDIUM Base Score4.3
Impact Score2.9 Exploit Score8.6
Confidentiality ImpactNONE Integrity ImpactPARTIAL
Availability ImpactNONE Access Vector
AuthenticationNONE Ease of Access
CVE-2014-4116
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."
Details
SeverityMEDIUM Base Score4.3
Impact Score2.9 Exploit Score8.6
Confidentiality ImpactNONE Integrity ImpactPARTIAL
Availability ImpactNONE Access Vector
AuthenticationNONE Ease of Access