CVE-2003-0712

Microsoft Exchange Server 5.5 OWA - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.

References (5)

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=106631918405915&w=2

[Third Party Advisory, US Government Resource] http://www.cert.org/advisories/CA-2003-27.html

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/435444

[Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/8832

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-047

Scores

EPSS 0.1795

EPSS Percentile 95.1%

Classification

CWE

CWE-79

Status draft

Affected Products (5)

microsoft/exchange_server

Timeline

Published Nov 17, 2003

Tracked Since Feb 18, 2026