CVE-2010-2091

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:exchange_server:2007:sp2_update_rollup_4:*:*:*:*:*:*
OR cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*

Information

Published : 2010-05-27 12:30

Updated : 2020-04-09 06:57


NVD link : CVE-2010-2091

Mitre link : CVE-2010-2091


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

microsoft

  • windows_server_2003
  • internet_explorer
  • exchange_server