CVE-2016-0029

Description

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Exchange Spoofing Vulnerability, a different vulnerability than CVE-2016-0031.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

1.287

Associated Vulnerability

Vulnerability	OS Platform
Security Update for Exchange Server 2013 SP1 (KB3124557)	Windows
Security Update for Exchange Server 2013 CU10 (KB3124557)	Windows
Security Update for Exchange Server 2013 CU11 (KB3124557)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-19919	Security Update For Exchange Server 2013 CU11 (KB3124557)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234