Microsoft Outlook Web Access crossite scripting

2005-06-1500:00:00

BUGTRAQ

vulners.com

It's possible to inject script into message and to acces username/password.

CPENameOperatorVersion
exchangeeq5.5
exchangeeq2000

CPE	Name	Operator	Version
	exchange	eq	5.5
	exchange	eq	2000

References

vulners.com/securityvulns/securityvulns:doc:4792

vulners.com/securityvulns/securityvulns:doc:4816

vulners.com/securityvulns/securityvulns:doc:5246

vulners.com/securityvulns/securityvulns:doc:5257

vulners.com/securityvulns/securityvulns:doc:6596

vulners.com/securityvulns/securityvulns:doc:6604

vulners.com/securityvulns/securityvulns:doc:8861