Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc
ript:") in an IMG tag.
CVSS v2.0 Score
4.3
/ 10.0
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Information
- Published
- 14 juin 2005
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- secure@microsoft.com
Affected products
microsoft exchange server
Versions : 5.5
Weaknesses (CWE)
CWE-79
References (8)
- http://secunia.com/advisories/15697Third Party Advisory
- http://www.idefense.com/application/poi/display?id=261&type=vulnerabilitiesPatchThird Party Advisory
- http://www.securityfocus.com/bid/13952Third Party AdvisoryVDB Entry
- http://secunia.com/advisories/15697Third Party Advisory
- http://www.idefense.com/application/poi/display?id=261&type=vulnerabilitiesPatchThird Party Advisory
- http://www.securityfocus.com/bid/13952Third Party AdvisoryVDB Entry
Similar CVEs
Other vulnerabilities of type CWE-79
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.