Search Results (Refine Search)
- CPE Product Version: cpe:/a:microsoft:exchange_server:2013:sp1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1764 |
The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability." Published: June 09, 2015; 9:59:33 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1632 |
Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability." Published: March 11, 2015; 6:59:34 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1631 |
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." Published: March 11, 2015; 6:59:34 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1630 |
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability." Published: March 11, 2015; 6:59:33 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1629 |
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability." Published: March 11, 2015; 6:59:32 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1628 |
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability." Published: March 11, 2015; 6:59:31 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-6336 |
Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." Published: December 10, 2014; 7:59:07 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-6326 |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325. Published: December 10, 2014; 7:59:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-6325 |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. Published: December 10, 2014; 7:59:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-6319 |
Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." Published: December 10, 2014; 7:59:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |