The vulnerability of Microsoft Exchange Server servers arises from insufficient cleaning of data provided by users. This allows attackers to execute cross-site scripting attacks and execute arbitrary code in the context of the current user.

🗓️ 23 Jul 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Microsoft Exchange Server vulnerability from insufficient cleaning of user data enables remote cross-site scripting and code execution.

Reporter	Title	Published	Views	Family All 20
CNVD	Microsoft Exchange Server Cross-Site Scripting Vulnerability (CNVD-2019-22224)	10 Jul 201900:00	–	cnvd
CVE	CVE-2019-1137	29 Jul 201914:14	–	cve
Cvelist	CVE-2019-1137	29 Jul 201914:14	–	cvelist
EUVD	EUVD-2019-9713	7 Oct 202500:30	–	euvd
Microsoft KB	Description of the security update for Microsoft Exchange Server 2019: July 9, 2019	9 Jul 201907:00	–	mskb
Microsoft KB	Description of the security update for Microsoft Exchange Server 2013 and 2016: July 9, 2019	9 Jul 201907:00	–	mskb
Kaspersky	KLA11518 Multiple vulnerabilities in Microsoft Exchange Server	9 Jul 201900:00	–	kaspersky
Microsoft CVE	Microsoft Exchange Server Spoofing Vulnerability	9 Jul 201907:00	–	mscve
Microsoft CVE	Microsoft Exchange Server Remote Code Execution Vulnerability	2 Mar 202108:00	–	mscve
Microsoft CVE	Microsoft Exchange Server Remote Code Execution Vulnerability	2 Mar 202108:00	–	mscve

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-1137
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 33.5

CVSS 24

EPSS0.00671

exchange server cross site scripting remote code execution user data cleaning