CVE-2026-42897 - Microsoft Exchange Server Cross-Site Scripting Vulnerability
项目:Microsoft
产品:Microsoft
添加日期:2026-05-15到期日:2026-05-29最后更新:May 15, 2026
漏洞名称
Microsoft Exchange Server Cross-Site Scripting Vulnerability
描述
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
已知用于勒索软件活动吗?
Unknown
采集行动
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
其他说明
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-emergency-mitigation-service
https://nvd.nist.gov/vuln/detail/CVE-2026-42897
相关新闻文章
Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flawsJune 9, 2026
Microsoft patches Exchange Server zero-day exploited in attacksJune 10, 2026
Microsoft Warns of Two Actively Exploited Defender VulnerabilitiesMay 21, 2026