Cross-Site Scripting Vulnerability in Outlook Web Access for Exchange Server 2003
CVE-2008-2248

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Web Access; Exchange Server
Vendor: CVE Published:; 8 July 2008

Summary

A Cross-Site Scripting (XSS) vulnerability exists in Outlook Web Access (OWA) for Microsoft Exchange Server 2003 SP2, allowing remote attackers to inject arbitrary web scripts or HTML into user sessions. This weakness can be exploited through unspecified HTML elements, presenting a significant risk for users accessing OWA. By leveraging this vulnerability, attackers could perform actions such as stealing session cookies or deploying malicious content, ultimately undermining the security of affected systems.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.vupen.com/english/advisories/2008/2021/references

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1020439

vdb-entryx_refsource_SECTRACK

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 8, 2008
Vulnerability Reserved
May 16, 2008