[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-42897":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-16T00:33:26.750Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":48,"related":49,"reserved_at":9,"published_at":50,"modified_at":51,"state":52,"summary":53,"references_raw":64,"kevs":79,"epss":89,"epss_history":91,"metrics":93,"affected":105},"CVE-2026-42897","Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[],[],[],"2026-05-14T17:00:36.515Z","2026-05-15T22:20:23.543Z","Analyzed",{"cisa_kev":54,"cisa_ransomware":55,"cisa_vendor":56,"epss_severity":57,"epss_score":58,"severity":59,"severity_score":60,"severity_version":61,"severity_source":62,"severity_vector":63,"severity_status":52},true,false,"Microsoft","low",0.0022,"high",8.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C",[65,73],{"url":66,"sources":67,"tags":69},"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897",[62,68],"nvd",[70,71,72],"Vendor Advisory","Patch","Mitigation",{"url":74,"sources":75,"tags":76},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42897",[62,68],[77,78],"Government Resource","US Government Resource",[80],{"source":81,"vendor":56,"product":56,"date_added":82,"vulnerability_name":83,"short_description":84,"required_action":85,"due_date":86,"known_ransomware_campaign_use":87,"notes":88,"exploitation_type":9},"cisa","2026-05-15","Microsoft Exchange Server Cross-Site Scripting Vulnerability","Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-05-29","Unknown","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897 ; https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-emergency-mitigation-service ; https://nvd.nist.gov/vuln/detail/CVE-2026-42897",{"date":82,"score":58,"percentile":90},0.445,[92],{"date":82,"score":58,"percentile":90},[94,99],{"source":62,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":95,"cvss_v4_0":9},{"baseScore":60,"baseSeverity":96,"vectorString":63,"impactScore":97,"exploitabilityScore":98},"HIGH",8.7,7.2,{"source":68,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":100,"cvss_v4_0":9},{"baseScore":101,"baseSeverity":102,"vectorString":103,"impactScore":104,"exploitabilityScore":98},6.1,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",4.5,[106,190,198,203,208],{"ecosystem":9,"name":107,"vendor":9,"product":107,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":108},"Exchange Server",[109,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188],{"version":110,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na","cpe",{"version":113,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016",{"version":115,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_1",{"version":117,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_10",{"version":119,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_11",{"version":121,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_12",{"version":123,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_13",{"version":125,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_14",{"version":127,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_15",{"version":129,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_16",{"version":131,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_17",{"version":133,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_18",{"version":135,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_19",{"version":137,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_2",{"version":139,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_20",{"version":141,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_21",{"version":143,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_22",{"version":145,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_23",{"version":147,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_3",{"version":149,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_4",{"version":151,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_5",{"version":153,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_6",{"version":155,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_7",{"version":157,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_8",{"version":159,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2016:cumulative_update_9",{"version":161,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019",{"version":163,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_1",{"version":165,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_10",{"version":167,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_11",{"version":169,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_12",{"version":171,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_13",{"version":173,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_14",{"version":175,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_2",{"version":177,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_3",{"version":179,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_4",{"version":181,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_5",{"version":183,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_6",{"version":185,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_7",{"version":187,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_8",{"version":189,"is_range":55,"range_type":111,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2019:cumulative_update_9",{"ecosystem":9,"name":191,"vendor":192,"product":193,"cpe_part":194,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":195},"Microsoft Exchange Server 2016 Cumulative Update 23","microsoft","microsoft exchange server 2016 cumulative update 23","a",[196],{"version":197,"is_range":55,"range_type":62,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"-",{"ecosystem":9,"name":199,"vendor":192,"product":200,"cpe_part":194,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":201},"Microsoft Exchange Server 2019 Cumulative Update 14","microsoft exchange server 2019 cumulative update 14",[202],{"version":197,"is_range":55,"range_type":62,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":204,"vendor":192,"product":205,"cpe_part":194,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":206},"Microsoft Exchange Server 2019 Cumulative Update 15","microsoft exchange server 2019 cumulative update 15",[207],{"version":197,"is_range":55,"range_type":62,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":209,"vendor":192,"product":210,"cpe_part":194,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":211},"Microsoft Exchange Server Subscription Edition RTM","microsoft exchange server subscription edition rtm",[212],{"version":197,"is_range":55,"range_type":62,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]