Microsoft: >> Exchange Server Subscription Edition >> 15.02.2562.037 Security Vulnerabilities
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
8.1
EPSS Score
0.002
Published
2026-06-09
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVSS Score
5.0
EPSS Score
0.004
Published
2026-06-09
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.004
Published
2026-06-09
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.004
Published
2026-06-09
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-06-09
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Known exploited
CVSS Score
8.1
EPSS Score
0.025
Published
2026-05-14