CVSS: 6.8EPSS: 5%CPEs: 3EXPL: 4CVE-2010-3213 – Outlook Web Access 2007 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2010-3213
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Microsoft Outlook Web Access (owa/ev.owa) 2007 hasta SP2 permite a atacantes remotos secuestrar la autenticación de usuarios de e-mail para peticiones que llevan a cabo peticiones Outlook, como se demostró estableciendo la regla de "auto-forward" • https://www.exploit-db.com/exploits/14285 http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails http://www.exploit-db.com/exploits/14285 http://www.securityfocus.com/bid/41462 https://exchange.xforce.ibmcloud.com/vulnerabilities/60164 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 96%CPEs: 4EXPL: 0CVE-2008-2248
https://notcve.org/view.php?id=CVE-2008-2248
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. La vulnerabilidad de tipo Cross-site scripting (XSS) en Outlook Web Access (OWA) para Exchange Server 2003 SP2, permite a atacantes remotos inyectar script web o HTML por medio de HTML no especificado, una vulnerabilidad diferente a la CVE-2008-2247. • http://secunia.com/advisories/30964 http://www.securityfocus.com/bid/30078 http://www.securitytracker.com/id?1020439 http://www.us-cert.gov/cas/techalerts/TA08-190A.html http://www.vupen.com/english/advisories/2008/2021/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/43329 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •