← Retour aux CVEs
CVE-2016-0030
MEDIUM6.1
Description
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
Details CVE
Score CVSS v3.16.1
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie1/13/2016
Derniere modification4/12/2025
Sourcenvd
Observations honeypot0
Produits affectes
microsoft:exchange_server
Faiblesses (CWE)
CWE-79
References
http://www.securityfocus.com/bid/79890(secure@microsoft.com)
http://www.securitytracker.com/id/1034647(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010(secure@microsoft.com)
http://www.securityfocus.com/bid/79890(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034647(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.