Vulnerability Details CVE-2019-1137
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2019-1137
-
cpe:2.3:a:microsoft:exchange_server:2013
-
cpe:2.3:a:microsoft:exchange_server:2016
-
cpe:2.3:a:microsoft:exchange_server:2019