Description
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Daniel Fabian · perlremotewindows
https://www.exploit-db.com/exploits/28005
References (14)
Scores
EPSS
0.4369
EPSS Percentile
97.5%
Details
CWE
CWE-79
Status
published
Products (1)
microsoft/exchange_server
2000 sp1 (3 CPE variants)
Published
Jun 13, 2006
Tracked Since
Feb 18, 2026