CVSS: 6.1EPSS: 8%CPEs: 2EXPL: 0CVE-2015-1629
https://notcve.org/view.php?id=CVE-2015-1629
11 Mar 2015 — Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability." Vulnerabilidad de XSS en Outlook Web App (OWA) en Microsoft Exchange Server 2013 SP1 y Cumulative Update 7 permite a atacantes remotos inyectar secuencias de comandos web oarbitrarios o HTML a través de una URL manipulada, también conocido como 'vu... • http://www.securitytracker.com/id/1031900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 8%CPEs: 2EXPL: 0CVE-2015-1630
https://notcve.org/view.php?id=CVE-2015-1630
11 Mar 2015 — Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability." Vulnerabilidad de XSS en Outlook Web App (OWA) en Microsoft Exchange Server 2013 SP1 y Cumulative Update 7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada, también conocido como 'vu... • http://www.securitytracker.com/id/1031900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 0CVE-2015-1631
https://notcve.org/view.php?id=CVE-2015-1631
11 Mar 2015 — Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." Microsoft Exchange Server 2013 SP1 y Cumulative Update 7 permite a atacantes remotos falsificar los organizadores de reuniones a través de vectores no especificados, también conocido como 'vulnerabilidad de la falsificación de solicitudes de reuniones falsas de Exchange.' • http://www.securitytracker.com/id/1031900 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 6%CPEs: 2EXPL: 0CVE-2015-1632
https://notcve.org/view.php?id=CVE-2015-1632
11 Mar 2015 — Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability." Vulnerabilidad de XSS en errorfe.aspx en Outlook Web App (OWA) en Microsoft Exchange Server 2013 SP1 y Cumulative Update 7 permite a atacantes remotos inyectar secuencias de comandos web ar... • http://www.securitytracker.com/id/1031900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2014-6319
https://notcve.org/view.php?id=CVE-2014-6319
11 Dec 2014 — Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." Outlook Web App (OWA) en Microsoft Exchange Server 2007 SP3, 2010 SP3, y 2013 SP1 y Cumulative Update 6 no valida correctamente los tokens en solicitudes, lo que permite a atacantes remotos suplantar el origen d... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 0CVE-2014-6336
https://notcve.org/view.php?id=CVE-2014-6336
11 Dec 2014 — Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." Outlook Web App (OWA) en Microsoft Exchange Server 2013 SP1 y Cumulative Update 6 no valida debidamente los tokens de la redirección, lo que permite a atacantes remotos redirigir usuarios hacia sitio... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 5%CPEs: 2EXPL: 0CVE-2014-6325
https://notcve.org/view.php?id=CVE-2014-6325
11 Dec 2014 — Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. Vulnerabilidad de XSS en Microsoft Exchange Server 2013 SP1 y Cumulative Update 6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como 'vulnerabilidad de OWA XSS,' una ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 5%CPEs: 2EXPL: 0CVE-2014-6326
https://notcve.org/view.php?id=CVE-2014-6326
11 Dec 2014 — Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325. Vulnerabilidad de XSS en Microsoft Exchange Server 2013 SP1 y Cumulative Update 6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como 'vulnerabilidad de OWA XSS,' una ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 4EXPL: 0CVE-2013-5072
https://notcve.org/view.php?id=CVE-2013-5072
11 Dec 2013 — Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability." Vulnerabilidad de XSS en Outlook Web Access de Microsoft Exchange Server 2010 SP2 y SP3 y 2013 Cumulative Update 2 y 3 permite a atacantes remotos inyectar script web o HTML arbitrario a través de una URL manipulada, también conocido como "OWA XSS Vulnerabi... • http://www.securityfocus.com/bid/64085 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •