Description
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
Affected products
- Microsoft / Microsoft Exchange Server 2013Cumulative Update 23 – Cumulative Update 23
- Microsoft / Microsoft Exchange Server 2016Cumulative Update 12 – Cumulative Update 12
- Microsoft / Microsoft Exchange Server 2016Cumulative Update 13 – Cumulative Update 13
- Microsoft / Microsoft Exchange Server 2019Cumulative Update 1 – Cumulative Update 1
- Microsoft / Microsoft Exchange Server 2019Cumulative Update 2 – Cumulative Update 2