CVE-2010-2091

Microsoft Exchange Server - XSS

Title source: rule

Description

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.

Exploits (1)

exploitdb WRITEUP

by Praveen Darshanam · textwebappswindows

https://www.exploit-db.com/exploits/12728

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/12728

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511401/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511416/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511448/100/0/threaded

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/58835

Scores

EPSS 0.0446

EPSS Percentile 88.9%

Classification

CWE

CWE-79

Status published

Affected Products (2)

microsoft/exchange_server

n/a/n/a

Timeline

Published May 27, 2010

Tracked Since Feb 18, 2026