PT-2026-58285 · Microsoft · Power Bi Report Server
Published
2026-07-14
·
Updated
2026-07-15
·
CVE-2026-58647
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Power BI Report Server versions prior to 15.0.1121.120
Description
Improper neutralization of input during web page generation leads to cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. This allows an authorized attacker to perform spoofing over a network by slipping deceptive content into the browsers of other users.
Recommendations
Update Power BI Report Server to version 15.0.1121.120 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Power Bi Report Server