Volerion logoVolerion
Volerion logoVolerion

Microsoft Exchange Server Cross-Site Scripting Vulnerability Allowing Spoofing

Vulnerability

A cross-site scripting vulnerability has been identified in Microsoft Exchange Server. This issue arises from improper input neutralization during web page generation, allowing an unauthorized attacker to perform spoofing over the network. The vulnerability affects multiple versions of Microsoft Exchange Server, including Exchange Server 2016 Cumulative Update 23, Exchange Server 2019 Cumulative Update 15, Exchange Server 2019 Cumulative Update 14, and Exchange Server Subscription Edition RTM.

Impact

Exploitation of this vulnerability could lead to spoofing attacks, allowing an attacker to impersonate another user or entity.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. Instructions for downloading the security update are available on the Microsoft Exchange Server Security Update Guide page.

Added: Jun 9, 2026, 6:40 PM
Updated: Jun 9, 2026, 6:40 PM

Vulnerability Rating

Custom Algorithm
spread
6.4
impact
1.7
exploitability
6.5
remediation
7.7
relevance
9.4
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.