Microsoft · Exchange Server · CVE-2026-45501
**Name of the Vulnerable Software and Affected Versions**
Microsoft Exchange Server (affected versions not specified)
**Description**
Improper neutralization of input during web page generation leads to cross-site scripting (XSS), a condition where malicious scripts are injected into trusted websites. Additionally, a server-side request forgery (SSRF) issue exists, which occurs when a server is tricked into making unintended requests to internal or external resources. These flaws allow attackers to perform spoofing over a network.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.