CVE-2017-8560
MEDIUMMicrosoft Exchange Server 2010 SP3, 2013 SP3, 2013 CU16, 2016 CU5 - Cross-Site Scripting in Outlook Web Access
Title source: llmDescription
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99449
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038852
Scores
CVSS v3
6.1
EPSS
0.0092
EPSS Percentile
76.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
microsoft/exchange_server
2013 cumulative_update_16 (2 CPE variants)
microsoft/exchange_server
2016 cumulative_update_5
Microsoft Corporation/Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.
Microsoft Exchange
Published
Jul 11, 2017
Tracked Since
Feb 18, 2026