NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

CPE Product Version: cpe:/a:microsoft:exchange_server:2013:sp1

There are 30 matching records.

Displaying matches 21 through 30.

Vuln ID	Summary	CVSS Severity
CVE-2015-1764	The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability." Published: June 09, 2015; 9:59:33 PM -0400	V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2015-1632	Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability." Published: March 11, 2015; 6:59:34 AM -0400	V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2015-1631	Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." Published: March 11, 2015; 6:59:34 AM -0400	V3.x:(not available) V2.0: 5.0 MEDIUM
CVE-2015-1630	Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability." Published: March 11, 2015; 6:59:33 AM -0400	V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2015-1629	Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability." Published: March 11, 2015; 6:59:32 AM -0400	V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2015-1628	Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability." Published: March 11, 2015; 6:59:31 AM -0400	V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2014-6336	Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." Published: December 10, 2014; 7:59:07 PM -0500	V3.x:(not available) V2.0: 3.5 LOW
CVE-2014-6326	Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325. Published: December 10, 2014; 7:59:02 PM -0500	V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2014-6325	Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. Published: December 10, 2014; 7:59:01 PM -0500	V3.x:(not available) V2.0: 4.3 MEDIUM
CVE-2014-6319	Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." Published: December 10, 2014; 7:59:00 PM -0500	V3.x:(not available) V2.0: 5.0 MEDIUM