Vulnerability Details CVE-2015-1628
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.069
EPSS Ranking 90.9%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2015-1628
-
cpe:2.3:a:microsoft:exchange_server:2013