CVE-2016-0031

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016

Description The issue is related to a cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This vulnerability exists due to inadequate protection of the web page structure, which can be exploited by a remote attacker to inject malicious code.

Recommendations For Microsoft Exchange Server 2016, consider disabling access to OWA until a patch is available to prevent exploitation of this vulnerability. Restrict access to crafted URLs to minimize the risk of arbitrary web script or HTML injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.