PT-2015-2787 · Microsoft · Exchange Server 2013

Published: 2015-06-09 · Updated: 2018-10-12 · CVE-2015-2359

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server 2013 Cumulative Update 8

Description: The issue is a cross-site scripting (XSS) vulnerability, also referred to as the "Exchange HTML Injection Vulnerability", which allows remote attackers to inject arbitrary web script or HTML. The affected web pages lack measures protecting their structure, so an attacker can inject malicious code into them. The vulnerability exists because Microsoft Exchange does not properly sanitize HTML strings, allowing an attacker to submit a specially crafted script to the target site; that script is then run in the security context of any user who views the malicious content.

Recommendations: For Microsoft Exchange Server 2013 Cumulative Update 8, consider disabling the affected web applications until a patch is available, to prevent exploitation of the HTML injection vulnerability. Restrict access to the web applications to minimize the risk of exploitation, and avoid using them until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.

XSS


Weakness Enumeration

Related Identifiers

BDU:2015-12152
CVE-2015-2359

Affected Products

Exchange Server
Exchange Server 2013