6 matches found
Information disclosure
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Serve...
CVE-2018-0940
Microsoft Exchange Outlook Web Access OWA in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016...
Cross site scripting
Cross-site scripting XSS vulnerability in Outlook Web App OWA in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."...
CVE-2015-1631
CVE-2015-1631 : Affects Microsoft Exchange Server 2013 SP1 and CU7. The vulnerability involves failure to properly verify the meeting organizer’s identity when processing meeting requests, allowing remote attackers to spoof meeting organizers via forged meeting requests (the Exchange Forged Meeti...
Microsoft Exchange Server Outlook Web Access CVE-2015-1628 Cross Site Scripting Vulnerability
Description Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...
Security update 1970-01-01
...