Vulnerabilities > Microsoft > Exchange Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-14 CVE-2016-3378 Improper Input Validation vulnerability in Microsoft Exchange Server 2013/2016
Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability."
network
microsoft CWE-20
5.8
5.8
2016-09-14 CVE-2016-0138 Information Exposure vulnerability in Microsoft Exchange Server
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
4.0
4.0
2016-06-16 CVE-2016-0028 Information Exposure vulnerability in Microsoft Outlook web Access
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability."
network
microsoft CWE-200
4.3
4.3
2016-01-13 CVE-2016-0032 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
network
microsoft CWE-79
4.3
4.3
2016-01-13 CVE-2016-0031 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.
network
microsoft CWE-79
4.3
4.3
2016-01-13 CVE-2016-0030 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
network
microsoft CWE-79
4.3
4.3
2016-01-13 CVE-2016-0029 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.
network
microsoft CWE-79
4.3
4.3
2015-09-09 CVE-2015-2544 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."
network
microsoft CWE-79
4.3
4.3
2015-09-09 CVE-2015-2543 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."
network
microsoft CWE-79
4.3
4.3
2015-09-09 CVE-2015-2505 Information Exposure vulnerability in Microsoft Exchange Server 2013
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
5.0
5.0