CVE Catalog

CVE-2026-45500

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

Microsoft Exchange Server has improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities. An attacker can exploit this flaw to perform spoofing over a network.

Risk Assessment

The organization may be exposed to attacks that could lead to data theft or session hijacking. This can result in serious security and reputational consequences.

Recommendation

It is recommended to update Microsoft Exchange Server to the latest version to patch this vulnerability and implement additional security measures such as input data filtering.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS