Информационная безопасность
[RU] switch to English


Межсайтовый скриптинг в Microsoft Exchange
Опубликовано:16 апреля 2015 г.
Источник:
SecurityVulns ID:14386
Тип:локальная
Уровень опасности:
6/10
Описание:Множество возможностей межсайтового скриптинга.
Затронутые продукты:MICROSOFT : Exchange Server 2013
CVE:CVE-2015-1632 (Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability.")
 CVE-2015-1630 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability.")
 CVE-2015-1629 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability.")
 CVE-2015-1628 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability.")
Файлы: Microsoft Security Bulletin MS15-026 - Important Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород