CVE-2016-0032

MEDIUM

Microsoft Exchange Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/79884

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034647

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010

Scores

CVSS v3 6.1

EPSS 0.0146

EPSS Percentile 80.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (4)

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

Timeline

Published Jan 13, 2016

Tracked Since Feb 18, 2026