4.3

CVE-2004-0203

Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExchange Server Version5.5 Update-
MicrosoftExchange Server Version5.5 Updatesp1
MicrosoftExchange Server Version5.5 Updatesp2
MicrosoftExchange Server Version5.5 Updatesp3
MicrosoftExchange Server Version5.5 Updatesp4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.98% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.kb.cert.org/vuls/id/948750
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-026
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16583
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2016
Third Party Advisory