Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2016-0030

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

  • Published: Jan 13, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-0030
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
microsoft / exchange_server 2013-sp1 2013-sp1.x
microsoft / exchange_server 2013-cumulative_update_10 2013-cumulative_update_10.x
microsoft / exchange_server 2016 2016.x