4 matches found
CVE-2015-1632
Cross-site scripting XSS vulnerability in errorfe.aspx in Outlook Web App OWA in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site...
CVE-2015-1632
The CVE-2015-1632 issue is a Cross-site scripting vulnerability in Outlook Web App (OWA) errorfe.aspx of Microsoft Exchange Server 2013 SP1 and Cumulative Update 7, exploitable via the msgParam parameter in an authError action. The root cause is improper sanitization of error messages in OWA, ena...
Microsoft Exchange Server Privilege Escalation Vulnerability (3040856)
This host is missing an important security update according to Microsoft Bulletin MS15-026. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
KLA10591 Code injection in Microsoft Exchange Server
Multiple XSS vulnerabilities were found in Microsoft Exchange Server. By exploiting these vulnerabilities malicious users can inject arbitrary web script or spoof user interface. These vulnerabilities can be exploited remotely via a specially designed URL, msgParam or other unknown vectors...