CVE-2017-0110

Description

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka Microsoft Exchange Server Elevation of Privilege Vulnerability.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

1.205

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Exchange Server Elevation of Privilege Vulnerability for Exchange Server 2013 SP1 (KB4012178)	Windows
Microsoft Exchange Server Elevation of Privilege Vulnerability for Exchange Server 2013 CU14 (KB4012178)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-22092	Security Update For Exchange Server 2013 SP1 (KB4012178)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234