CVE-2020-0903
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
12/03/2020
Last modified:
28/02/2025
Description
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page