Vulnerabilities > Microsoft > Exchange Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-10 | CVE-2015-2359 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability." | 4.3 |
| 2015-06-10 | CVE-2015-1771 | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Exchange Server 2013 Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability." | 6.8 |
| 2015-06-10 | CVE-2015-1764 | Same Origin Policy Security Bypass vulnerability in Microsoft Exchange Server 2013 The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability." network microsoft | 4.3 |
| 2015-03-11 | CVE-2015-1632 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability." | 4.3 |
| 2015-03-11 | CVE-2015-1631 | Improper Access Control vulnerability in Microsoft Exchange Server 2013 Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." | 5.0 |
| 2015-03-11 | CVE-2015-1630 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability." | 4.3 |
| 2015-03-11 | CVE-2015-1629 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability." | 4.3 |
| 2015-03-11 | CVE-2015-1628 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability." | 4.3 |
| 2014-12-11 | CVE-2014-6326 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325. | 4.3 |
| 2014-12-11 | CVE-2014-6325 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326. | 4.3 |