Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2013-5072
HistoryDec 11, 2013 - 12:55 a.m.

CVE-2013-5072

2013-12-1100:55:04
CWE-79
microsoft
web.nvd.nist.gov
70
cve-2013-5072
owa
xss
outlook web access
microsoft exchange server
security vulnerability
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5

Confidence

High

EPSS

0.822

Percentile

98.5%

JSON

Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “OWA XSS Vulnerability.”

Affected configurations

Nvd
Node
microsoftexchange_serverMatch2010sp2
OR
microsoftexchange_serverMatch2010sp3
OR
microsoftexchange_serverMatch2013cumulative_update_2
OR
microsoftexchange_serverMatch2013cumulative_update_3
VendorProductVersionCPE
microsoftexchange_server2010cpe:2.3:a:microsoft:exchange_server:2010:sp2:*:*:*:*:*:*
microsoftexchange_server2010cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*
microsoftexchange_server2013cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_2:*:*:*:*:*:*
microsoftexchange_server2013cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_3:*:*:*:*:*:*

Related

cvelist 1
nvd 1
prion 1
symantec 1
nessus 1
securityvulns 1
mskb 1
openvas 2
cvelist
cvelist
CVE-2013-5072
2013-12-11 00:00:00
nvd
nvd
CVE-2013-5072
2013-12-11 00:55:04
prion
prion
Cross site scripting
2013-12-11 00:55:00
symantec
symantec
Microsoft Exchange Server CVE-2013-5072 Cross Site Scripting Vulnerability
2013-12-10 00:00:00
nessus
nessus
MS13-105: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
2013-12-11 00:00:00
securityvulns
securityvulns
Microsoft Exchange Server multiple security vulnerabilities
2013-12-16 00:00:00
mskb
mskb
MS13-105: Vulnerabilities in Microsoft Exchange Server could allow remote code execution: December 10, 2013
2013-12-10 00:00:00
openvas
openvas
MS Exchange Server Remote Code Execution Vulnerabilities (2915705)
2013-12-11 00:00:00
Microsoft Exchange Server Remote Code Execution Vulnerabilities (2915705)
2013-12-11 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5

Confidence

High

EPSS

0.822

Percentile

98.5%

JSON
Related for CVE-2013-5072
cvelist1nvd1prion1symantec1nessus1securityvulns1mskb1openvas2