Unrated severityNVD Advisory· Published Nov 17, 2003· Updated Apr 16, 2026

CVE-2003-0712

Description

Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.

Affected products

Microsoft/Exchange Server5 versions
cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/435444nvdPatchThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/8832nvdPatchThird Party AdvisoryVDB Entry
docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-047nvdPatchVendor Advisory
marc.infonvdMailing ListThird Party Advisory
www.cert.org/advisories/CA-2003-27.htmlnvdThird Party AdvisoryUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.014
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000