3 matches found
CVE-2015-1628
CVE-2015-1628 is an XSS vulnerability in Outlook Web App (OWA) of Microsoft Exchange Server 2013 SP1 with CU7. A crafted X-OWA-Canary cookie enables a remote attacker to inject arbitrary web script/HTML via an AD.RecipientType.User action. Affected product: Microsoft Exchange Server 2013 SP1/CU7;...
Microsoft Exchange Server Privilege Escalation Vulnerability (3040856)
This host is missing an important security update according to Microsoft Bulletin MS15-026. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
KLA10591 Code injection in Microsoft Exchange Server
Multiple XSS vulnerabilities were found in Microsoft Exchange Server. By exploiting these vulnerabilities malicious users can inject arbitrary web script or spoof user interface. These vulnerabilities can be exploited remotely via a specially designed URL, msgParam or other unknown vectors...