CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0028
https://notcve.org/view.php?id=CVE-2016-0028
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." Outlook Web Access (OWA) en Microsoft Exchange Server 2013 SP1, Cumulative Update 11 y Cumulative Update 12 y 2016 Gold y Cumulative Update 1 no restringe correctamente la carga de elementos IMG, lo que facilita a atacantes remotos rastrear usuarios a través de un mensaje de e-mail HTML manipulado, también conocida como "Microsoft Exchange Information Disclosure Vulnerability". • http://www.securitytracker.com/id/1036106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-079 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0032
https://notcve.org/view.php?id=CVE-2016-0032
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11 y 2016 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como "Exchange Spoofing Vulnerability". • http://www.securityfocus.com/bid/79884 http://www.securitytracker.com/id/1034647 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0030
https://notcve.org/view.php?id=CVE-2016-0030
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10 y 2016 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como "Exchange Spoofing Vulnerability". • http://www.securityfocus.com/bid/79890 http://www.securitytracker.com/id/1034647 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 7%CPEs: 3EXPL: 0CVE-2015-2505
https://notcve.org/view.php?id=CVE-2015-2505
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability." Vulnerabilidad en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 Cumulative Update 8 y 9 y SP1, permite a atacantes remotos obtener información sensible del stacktrace a través de una petición manipulada, también conocida como 'Exchange Information Disclosure Vulnerability.' • http://www.securitytracker.com/id/1033495 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-103 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 5%CPEs: 2EXPL: 0CVE-2015-2543
https://notcve.org/view.php?id=CVE-2015-2543
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability." Vulnerabilidad de XSS en Outlook Web Access (OWA) en Microsoft Exchange Server 2013 Cumulative Update 8 y 9, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un mensaje de correo electrónico manipulado, también conocida como 'Exchange Spoofing Vulnerability.' • http://www.securitytracker.com/id/1033495 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •