Microsoft: >> Exchange Server Subscription Edition >> 15.02.2562.029 Security Vulnerabilities
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
8.1
EPSS Score
0.002
Published
2026-06-09
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVSS Score
5.0
EPSS Score
0.004
Published
2026-06-09
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.004
Published
2026-06-09
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.004
Published
2026-06-09
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-06-09
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Known exploited
CVSS Score
8.1
EPSS Score
0.025
Published
2026-05-14
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
6.5
EPSS Score
0.095
Published
2026-02-10
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
5.3
EPSS Score
0.008
Published
2025-12-09
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
7.5
EPSS Score
0.01
Published
2025-12-09