VDB

CVE-2026-45500

CVE-2026-45500 PUBLISHED CVSS 6.1 MEDIUM

Reported by microsoft · Published June 9, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Risk Scores

CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersions
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 2315.01.0.0, 15.01.0.0, 15.01.0.0
microsoftexchange_server_201915.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1415.02.0.0, 15.02.0.0, 15.02.0.0
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 1515.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_se15.02.0.0, 15.02.0.0, 15.02.0.0
microsoftexchange_server_201615.01.0.0, 15.01.0.0, 15.01.0.0
MicrosoftMicrosoft Exchange Server Subscription Edition RTM15.02.0.0, 15.02.0.0, 15.02.0.0

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 10, 2026 Coalition ESS Score
  • Jun 10, 2026 Security Advisory
  • Jun 17, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›