Microsoft

Exchange Server

228 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-1629

  • EPSS 6.94%
  • Veröffentlicht 11.03.2015 10:59:32
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vu...

4.3

CVE-2015-1628

  • EPSS 6.94%
  • Veröffentlicht 11.03.2015 10:59:31
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.Us...

3.5

CVE-2014-6336

  • EPSS 2.83%
  • Veröffentlicht 11.12.2014 00:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unsp...

4.3

CVE-2014-6326

  • EPSS 5.13%
  • Veröffentlicht 11.12.2014 00:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2...

4.3

CVE-2014-6325

  • EPSS 5.13%
  • Veröffentlicht 11.12.2014 00:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2...

5

CVE-2014-6319

  • EPSS 4.15%
  • Veröffentlicht 11.12.2014 00:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, a...

4.3

CVE-2013-5072

  • EPSS 6.64%
  • Veröffentlicht 11.12.2013 00:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerabili...

6.8

CVE-2013-0418

  • EPSS 20.46%
  • Veröffentlicht 17.01.2013 01:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability t...

3.5

CVE-2012-4791

  • EPSS 41.87%
  • Veröffentlicht 12.12.2012 00:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."

4

CVE-2010-3937

  • EPSS 33.66%
  • Veröffentlicht 16.12.2010 19:33:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."