Medium severity6.1NVD Advisory· Published Mar 17, 2017· Updated May 13, 2026

CVE-2017-0110

Description

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."

Affected products

Microsoft/Exchange Server3 versions
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_14:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_14:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
Microsoft Corporation/Exchange Serverv5
Range: Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server Cumulative Update 14, and Microsoft Exchange Server 2016 Cumulative Update 3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0110nvdPatchVendor Advisory
www.securityfocus.com/bid/96621nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038011nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000