Описание
Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
Ссылки
- Mailing ListThird Party Advisory
- Third Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryVDB Entry
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.18968
Средний
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
EPSS
Процентиль: 95%
0.18968
Средний
4.3 Medium
CVSS2
Дефекты
CWE-79