Vulnerability Name:

CVE-2005-0563 (CCN-20967)

Assigned:2005-06-14
Published:2005-06-14
Updated:2020-04-09
Summary:Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc
ript:") in an IMG tag.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-0563

Source: CCN
Type: SA15697
Microsoft Outlook Web Access Script Insertion Vulnerability

Source: SECUNIA
Type: Third Party Advisory
15697

Source: IDEFENSE
Type: Patch, Third Party Advisory
20050614 Microsoft Outlook Web Access Cross-Site Scripting Vulnerability

Source: CCN
Type: US-CERT VU#300373
Microsoft Outlook Web Access vulnerable to cross-site scripting

Source: CCN
Type: Microsoft Security Bulletin MS05-029
Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)

Source: BID
Type: Third Party Advisory, VDB Entry
13952

Source: CCN
Type: BID-13952
Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability

Source: MS
Type: Patch, Vendor Advisory
MS05-029

Source: XF
Type: UNKNOWN
win-owa-xss(20967)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*

* Denotes that component is vulnerable

  • microsoft exchange server 5.5 -
  • microsoft exchange server 5.5 sp4