CVE-2017-8758 — Cross-site Scripting in Corporation Microsoft Exchange Server 2016

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.8%

top 26.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Exchange Server 2016 Microsoft Exchange Server

Timeline

PublishedSep 13

Latest updateMay 13

Description

Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5microsoft_corporation/microsoft_exchange_server_2016Microsoft Exchange Server 2016 Cumulative Update 6

▶NVDmicrosoft/exchange_server2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5jxp-8hjc-v25c: Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handl↗2022-05-13

▶

CVEList

CVE-2017-8758: Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handl↗2017-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Elevation of Privilege Vulnerability↗2017-09-12

▶