CVE-2011-1976

Name of the Vulnerable Software and Affected Versions Microsoft Visual Studio version 2005 SP1 Report Viewer version 2005 SP1

Description A cross-site scripting (XSS) issue exists in the Report Viewer Control, allowing remote attackers to inject arbitrary web script or HTML via a parameter in a data source.

Recommendations For Microsoft Visual Studio 2005 SP1, update the Report Viewer Control to a version that includes the fix for this issue. For Report Viewer 2005 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Report Viewer Control until a patch is available.