Medium severity6.1NVD Advisory· Published Jan 13, 2016· Updated Jun 17, 2026
CVE-2016-0032
CVE-2016-0032
Description
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_10:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_10:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_11:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*
- (no CPE)range: 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, 2016
Patches
Vulnerability mechanics
References
3- docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-010nvdPatchVendor Advisory
- www.securityfocus.com/bid/79884nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034647nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.