First published: Wed Jan 13 2016(Updated: )
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Exchange Server | =2013-cumulative_update_10 | |
Microsoft Exchange Server | =2013-sp1 | |
Microsoft Exchange Server | =2016 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-0030 has been assigned a high severity rating due to its potential for remote code execution via cross-site scripting.
To fix CVE-2016-0030, apply the relevant patches provided by Microsoft for Exchange Server versions affected.
CVE-2016-0030 affects Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 10, and 2016.
CVE-2016-0030 is a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary web scripts.
Yes, CVE-2016-0030 can be exploited remotely through crafted URLs that target the Outlook Web Access interface.