Cross-Site Scripting Vulnerability in Microsoft Exchange Server
CVE-2020-0903

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 4; Microsoft Exchange Server 2016 Cumulative Update 15; Microsoft Exchange Server 2019 Cumulative Update 3; Microsoft Exchange Server 2016 Cumulative Update 14
Vendor: CVE Published:; 12 March 2020

Summary

A cross-site scripting vulnerability exists in Microsoft Exchange Server due to insufficient sanitization of specially crafted web requests. This flaw allows attackers to execute arbitrary scripts in the context of a user's session, potentially leading to data theft or unauthorized access. Users of affected versions are advised to apply the latest security updates to mitigate this risk.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 14 = unspecified

Microsoft Exchange Server 2016 Cumulative Update 15 = unspecified

Microsoft Exchange Server 2019 Cumulative Update 3 = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 12, 2020
Vulnerability Reserved
Nov 4, 2019