What is CVE-2016-0030?

CVE-2016-0030 is a medium-severity vulnerability in Microsoft Exchange_server, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-01-13.

How severe is CVE-2016-0030?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Microsoft Exchange_server

CVE-2016-0030

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.012 (79.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Microsoft Exchange_server — versions 2013, 2016
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

MS16-010 (x_refsource_MS, vendor-advisory, Patch, Vendor Advisory)
1034647 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
79890 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-0030?: CVE-2016-0030 is a medium-severity vulnerability in Microsoft Exchange_server, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-01-13.
How severe is CVE-2016-0030?: Medium severity. CVSS v3 base score is 6.1 out of 10.