SEC-CONSULT Security Advisory 20060613-0 - Microsoft Outlook Web Access is vulnerable to an HTML code injection/cross site scripting attack. A malicious user could craft a mail containing HTML and Javascript code. Such code could be used to steal session information from the victims cookies, and thus enable the attacker to get access to the victim's emails. Vulnerable versions are Exchange 2000 (SP3), 2003 (SP1), 2003 (SP2).
660a8881d54862ec36db23fe8a4c02478e27719f256152894a6da754d91c8977