CVE Catalog

CVE-2026-47631

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

Microsoft Exchange Server has an improper neutralization of input during web page generation, leading to a cross-site scripting vulnerability. This flaw allows an unauthorized attacker to perform spoofing over a network.

Risk Assessment

The organization may be exposed to attacks that could lead to data theft or session hijacking. This poses a serious threat to the integrity and confidentiality of information.

Recommendation

It is recommended to update Microsoft Exchange Server to the latest version to mitigate this vulnerability. Additionally, implementing security mechanisms against XSS attacks is advisable.

Original NVD description (English source)

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS