Vulnerability Description
Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 2013 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1031900
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-02
- http://www.securitytracker.com/id/1031900
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-02
FAQ
What is CVE-2015-1632?
CVE-2015-1632 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script o...
How severe is CVE-2015-1632?
CVE-2015-1632 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1632?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server.