CVE-2017-0110

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."

Affected Software

VendorProductVersion RangeStatus
Microsoft CorporationExchange ServerExchange Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server Cumulative Update 14, and Microsoft Exchange Server 2016 Cumulative Update 3affected

Weaknesses

  • Elevation of Privilege

ADP Enrichment

CVE Program Container

Additional References

References