[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1193Date: (C)2006-06-13   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1016280
BID-18381
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html
SECUNIA-20634
OSVDB-26441
ADV-2006-2326
MS06-029
TA06-164A
VU#138188
exchange-owa-xss(25550)
http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt
oval:org.mitre.oval:def:1070
oval:org.mitre.oval:def:1161
oval:org.mitre.oval:def:1315

CPE    3
cpe:/a:microsoft:exchange_server:2000:sp2
cpe:/a:microsoft:exchange_server:2000:sp3
cpe:/a:microsoft:exchange_server:2000:sp1
CWE    1
CWE-79
OVAL    3
oval:org.mitre.oval:def:1161
oval:org.mitre.oval:def:1070
oval:org.mitre.oval:def:1315

© SecPod Technologies