Vulnerabilities > Microsoft > Exchange Server

DATE CVE VULNERABILITY TITLE RISK
2017-03-17 CVE-2017-0110 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-79
6.1
6.1
2016-09-14 CVE-2016-3379 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-79
6.1
6.1
2016-09-14 CVE-2016-3378 Improper Input Validation vulnerability in Microsoft Exchange Server 2013/2016
Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability."
network
low complexity
microsoft CWE-20
7.4
7.4
2016-09-14 CVE-2016-0138 Information Exposure vulnerability in Microsoft Exchange Server
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
4.3
4.3
2016-01-13 CVE-2016-0032 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
network
low complexity
microsoft CWE-79
6.1
6.1
2016-01-13 CVE-2016-0031 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.
network
low complexity
microsoft CWE-79
6.1
6.1
2016-01-13 CVE-2016-0030 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
network
low complexity
microsoft CWE-79
6.1
6.1
2016-01-13 CVE-2016-0029 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.
network
low complexity
microsoft CWE-79
6.1
6.1