The host is installed with Microsoft Exchange Server 2013 or SP1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly sanitize page content in Outlook Web App. Successful exploitation could allow attackers to execute arbitrary code.