6.8
CVE-2007-0220
- EPSS 33.15%
- Veröffentlicht 08.05.2007 23:19:00
- Zuletzt bearbeitet 16.06.2026 22:35:08
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Exchange Server Version2000 Updatesp3
Microsoft ≫ Exchange Server Version2003 Updatesp1
Microsoft ≫ Exchange Server Version2003 Updatesp2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 33.15% | 0.981 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
http://secunia.com/advisories/25183
http://www.securitytracker.com/id?1018015
http://www.vupen.com/english/advisories/2007/1711
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-026
http://www.kb.cert.org/vuls/id/124113
http://www.osvdb.org/34389
http://www.securityfocus.com/bid/23806
https://exchange.xforce.ibmcloud.com/vulnerabilities/33887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1371