Bug Name :- R-XSS Bug Priority :- Medium
Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload. Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305.
Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.
The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:
Always check for /autodiscover/autodiscover.json If exist change the HTTP request GET to POST method