Medium severity6.1NVD Advisory· Published Jan 13, 2016· Updated Jun 17, 2026
CVE-2016-0030
CVE-2016-0030
Description
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_10:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_10:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*
- (no CPE)range: 2013 PS1, 2013 Cumulative Update 10, 2016
Patches
Vulnerability mechanics
References
3- docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010nvdPatchVendor Advisory
- www.securityfocus.com/bid/79890nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034647nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.