CVE-2004-0203

Microsoft Exchange Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

References (4)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/948750

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-026

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16583

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2016

Scores

EPSS 0.2567

EPSS Percentile 96.2%

Classification

CWE

CWE-79

Status draft

Affected Products (5)

microsoft/exchange_server

Timeline

Published Nov 23, 2004

Tracked Since Feb 18, 2026