CVE-2016-0030

EPSS 1.47%
Veröffentlicht 13.01.2016 05:59:19
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_10

Microsoft ≫ Exchange Server Version2013 Updatesp1

Microsoft ≫ Exchange Server Version2016 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.47%	0.791

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securitytracker.com/id/1034647

Third Party Advisory

VDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010

Patch

Vendor Advisory

http://www.securityfocus.com/bid/79890

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-0030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0030

EUVD