Description
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Microsoft / Microsoft Exchange Server 2016 Cumulative Update 14unspecified – unspecified
- Microsoft / Microsoft Exchange Server 2016 Cumulative Update 15unspecified – unspecified
- Microsoft / Microsoft Exchange Server 2019 Cumulative Update 3unspecified – unspecified
- Microsoft / Microsoft Exchange Server 2019 Cumulative Update 4unspecified – unspecified