CVE-2010-2091

Microsoft Exchange Server - Cross-Site Scripting via OWA Folder IPF.Note id Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2091. PoCs published by Praveen Darshanam.

AI-analyzed exploit summary: The code describes an information disclosure vulnerability in Microsoft Outlook Web Access (OWA) version 8.2.254.0, specifically involving the 'id' parameter. It demonstrates XSS exploitation techniques but does not include functional exploit code.

Description

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.

Exploits (1)

exploitdb WRITEUP
by Praveen Darshanam · text · webapps · windows
https://www.exploit-db.com/exploits/12728

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Microsoft Outlook Web Access (OWA) version 8.2.254.0
No auth needed
Prerequisites: Access to a vulnerable OWA instance · Internet Explorer 7
MITRE ATT&CK
Analyzed by devstral-2 · Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12728
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511448/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511401/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511416/100/0/threaded

Scores

EPSS 0.1794
EPSS Percentile 96.8%

Details

CWE: CWE-79
Status: published
Products (1): microsoft/exchange_server 2007 sp2_update_rollup_4
Published: May 27, 2010
Tracked Since: Feb 18, 2026