CVE-2026-42897

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server (affected versions not specified)

Description Improper neutralization of input during web page generation leads to cross-site scripting (XSS), a flaw where malicious scripts are injected into trusted websites. This allows an unauthorized attacker to perform spoofing over a network.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.