CVE-2019-1218 — Cross-site Scripting in Microsoft Outlook FOR IOS

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

5.8%

top 9.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Outlook FOR IOS

Timeline

PublishedAug 14

Latest updateMay 24

Description

A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5microsoft/outlook_for_ios< publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-m3wq-w5qf-gpqg: A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages, aka 'Outlook iOS Spoofing Vulner↗2022-05-24

▶

CVEList

Outlook iOS Spoofing Vulnerability↗2019-08-14

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution↗2019-10-21

▶

📋Vendor Advisories

Microsoft

Outlook iOS Spoofing Vulnerability↗2019-08-13

▶