PT-2016-1040 · Microsoft · Outlook Web Access+1

Published: 2016-01-12 · Updated: 2020-04-09 · CVE-2016-0030

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Exchange Server versions 2013 SP1 through 2013 Cumulative Update 10
Microsoft Exchange Server version 2016

Description

A cross-site scripting (XSS) issue exists due to inadequate protection of the web page structure in Outlook Web Access (OWA), allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. This can lead to script or content injection attacks, where an attacker could trick the user into disclosing sensitive information or redirect the user to a malicious website.

Recommendations

For Microsoft Exchange Server versions 2013 SP1 through 2013 Cumulative Update 10, update to a version that includes the fix for this issue.
For Microsoft Exchange Server version 2016, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the OWA component to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2016-00107
CVE-2016-0030

Affected Products

Exchange Server
Outlook Web Access