cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-0940,https://securityvulnerability.io/vulnerability/CVE-2018-0940,,"Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka ""Microsoft Exchange Elevation of Privilege Vulnerability"".",Microsoft,Microsoft Exchange Outlook Web Access (owa),6.5,MEDIUM,0.0038999998942017555,false,false,false,false,,false,false,2018-03-14T00:00:00.000Z,0
CVE-2016-0028,https://securityvulnerability.io/vulnerability/CVE-2016-0028,,"Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka ""Microsoft Exchange Information Disclosure Vulnerability.""",Microsoft,Outlook Web Access,5.5,MEDIUM,0.0036899999249726534,false,false,false,false,,false,false,2016-06-16T01:00:00.000Z,0
CVE-2010-3213,https://securityvulnerability.io/vulnerability/CVE-2010-3213,,"Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.",Microsoft,Outlook Web Access,,,0.0502999983727932,false,false,false,false,,false,false,2010-09-07T17:00:00.000Z,0
CVE-2008-2248,https://securityvulnerability.io/vulnerability/CVE-2008-2248,,"Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.",Microsoft,"Outlook Web Access,Exchange Server",,,0.9285200238227844,false,false,false,false,,false,false,2008-07-08T23:41:00.000Z,0
CVE-2008-2143,https://securityvulnerability.io/vulnerability/CVE-2008-2143,,"Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.",Microsoft,Outlook Web Access,,,0.0007999999797903001,false,false,false,false,,false,false,2008-05-12T19:00:00.000Z,0
CVE-2005-1052,https://securityvulnerability.io/vulnerability/CVE-2005-1052,,"Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.",Microsoft,"Outlook Web Access,Outlook",,,0.0684799998998642,false,false,false,false,,false,false,2005-05-02T04:00:00.000Z,0