Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MicrosoftExchange Server2013

11 matches found

CVE
CVEadded 2015/06/10 1:59 a.m.64 views

CVE-2015-1771

Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."

6.8CVSS7.3AI score0.02384EPSS
CVE
CVEadded 2015/06/10 1:59 a.m.63 views

CVE-2015-2359

Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."

4.3CVSS5.9AI score0.14054EPSS
CVE
CVEadded 2015/06/10 1:59 a.m.62 views

CVE-2015-1764

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forger...

4.3CVSS6.6AI score0.09472EPSS
CVE
CVEadded 2015/03/11 10:59 a.m.56 views

CVE-2015-1631

Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."

5CVSS6.8AI score0.08599EPSS
CVE
CVEadded 2015/09/09 12:59 a.m.54 views

CVE-2015-2505

Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."

5CVSS5.8AI score0.1646EPSS
CVE
CVEadded 2015/03/11 10:59 a.m.53 views

CVE-2015-1628

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cro...

4.3CVSS5.4AI score0.06935EPSS
CVE
CVEadded 2015/09/09 12:59 a.m.53 views

CVE-2015-2543

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."

4.3CVSS5.6AI score0.08117EPSS
CVE
CVEadded 2015/03/11 10:59 a.m.51 views

CVE-2015-1632

Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Sc...

4.3CVSS5.5AI score0.06643EPSS
CVE
CVEadded 2015/03/11 10:59 a.m.50 views

CVE-2015-1629

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."

4.3CVSS5.4AI score0.06935EPSS
CVE
CVEadded 2015/09/09 12:59 a.m.46 views

CVE-2015-2544

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."

4.3CVSS5.6AI score0.08117EPSS
CVE
CVEadded 2015/03/11 10:59 a.m.44 views

CVE-2015-1630

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."

4.3CVSS5.4AI score0.06935EPSS