CVE-2005-0563

Published Jun 14, 2005

Last updated a month ago

CVSS info 4.3

Overview

Description
Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc
ript:") in an IMG tag.
Source
secure@microsoft.com
NVD status
Modified
Products
exchange_server

Risk scores

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-79

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Microsoft Exchange Server Cross-Site Scripting VulnerabilityCVE-2026-42897
  2. User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.CVE-2026-21527
  3. User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.CVE-2025-64667
  4. Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.CVE-2025-64666
  5. Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.CVE-2025-59249

References

Sources include official advisories and independent security research.