Reported August 10, 2004, by Microsoft
A cross-site scripting and spoofing vulnerability in Exchange 5.5 SP4 could let an attacker convince an OWA user to run a malicious script. This vulnerability could let an attacker access any data on the OWA server that the user could access.
Microsoft has released bulletin MS04-026, "Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.
Discovered by Microsoft.