Lucene search
+L

2927 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.21 views

Microsoft Exchange Server 服务端请求伪造漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...

8.8CVSS5.8AI score0.00465EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Exchange Server 跨站脚本漏洞

Microsoft Exchange Server is a set of email service programs provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. Microsoft Exchange Server has a cross-site scripting vulnerability. Attackers utilize thi...

6.1CVSS5.1AI score0.00375EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Microsoft Exchange Server 跨站脚本漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Exchange Server 授权问题漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are vulnerabilities related to authorization in Microsoft Exchange Server. Attackers can...

8.1CVSS5.3AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Microsoft Exchange Server 服务端请求伪造漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...

5CVSS5.8AI score0.00464EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Microsoft Exchange Server 跨站脚本漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. Microsoft Exchange Server has a cross-site scripting vulnerability. Attackers exploit this...

8.1CVSS5.1AI score0.00353EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.10 views

PT-2026-47975

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description An improper authorization issue leads to Server-side Request Forgery SSRF, a flaw where a server is tricked into making unintended requests to an internal or external...

8.1CVSS5.5AI score0.00454EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.11 views

PT-2026-47709

CVE-2024-56122 - Microsoft Exchange Server Remote Code Execution CVE ID :CVE-2024-56122 Published : June 8, 2026, 10:16 a.m. | 44 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.7 views

Security Updates for Microsoft Exchange Server (May 2026)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability as referenced in the May, 2026 security bulletin. - Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Serve...

8.1CVSS5.9AI score0.0564EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.14 views

CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS6AI score0.0564EPSS
Exploits1References1
CISA
CISA
added 2026/05/15 12:0 p.m.50 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-42897link is external Microsoft Exchange Server Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

8.1CVSS5.8AI score0.0564EPSS
In wildExploits1References6
NCSC
NCSC
added 2026/05/15 8:41 a.m.24 views

Lack of vulnerability awareness in Microsoft Exchange Server

Microsoft has identified a vulnerability in Microsoft Exchange Server. This vulnerability involves a cross-site scripting XSS issue that arises due to improper handling of user input during the generation of web pages. An unauthorized attacker can inject malicious scripts and perform spoofing...

8.1CVSS5.9AI score0.0564EPSS
Exploits1References1
CISA KEV Catalog
CISA KEV Catalog
added 2026/05/15 12:0 a.m.34 views

Microsoft Exchange Server Cross-Site Scripting Vulnerability

Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context...

8.1CVSS6AI score0.0564EPSS
In wildExploits1
NVD
NVD
added 2026/05/14 6:16 p.m.23 views

CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS0.0564EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/14 5:0 p.m.18 views

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

...

8.1CVSS6AI score0.0564EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 5:0 p.m.31 views

EUVD-2026-30343

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS5.8AI score0.0564EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:0 p.m.17 views

CVE-2026-42897

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS5.8AI score0.0564EPSS
In wildExploits1References2Affected Software4
Cvelist
Cvelist
added 2026/05/14 5:0 p.m.77 views

CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability

...

8.1CVSS0.0564EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 5:0 p.m.167 views

CVE-2026-42897

CVE-2026-42897 affects on-prem Microsoft Exchange Server (2016, 2019, SE) with an XSS flaw in Outlook Web Access caused by improper neutralization of input during web page generation. An attacker could send a crafted email to trigger arbitrary JavaScript execution in the victim’s browser, enablin...

8.1CVSS5.8AI score0.0564EPSS
In wildExploits1References2Affected Software2
Microsoft CVE
Microsoft CVE
added 2026/05/14 2:0 p.m.21 views

Microsoft Exchange Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

9.6CVSS5.8AI score0.0564EPSS
Exploits1
Rows per page
Query Builder