SQL Server Reporting Services XSS vulnerability

Applies to: SQL Server 2016 Service Pack 2

Symptoms


A cross-site scripting (XSS) vulnerability exists if Microsoft SQL Server Reporting Services (SSRS) does not correctly sanitize a specially-crafted web request to an affected SSRS server. See CVE-2019-1332 for details.

Resolution


To fix this issue in the products that are listed in “Applies to,” install the following security update, as appropriate: