Microsoft has announced the release of a security update for System Center 2012 Operations Manager UR8 it is available for download here or through the catalog:
Issues that are fixed in this update rollup:
- The home page link on the Web Console noscript.aspx file is vulnerable to cross-site scripting (XSS)A security vulnerability exists in the Web Console for System Center 2012 Operations Manager that could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. This fix resolves that vulnerability. For more information, see Microsoft Security Bulletin MS15-086.