#cve-2026-42897

[ follow ]
#cross-site-scripting #on-premises-exchange #outlook-web-access-owa #emergency-mitigation
Information security
fromtheregister
17 hours ago

Exploited Exchange Server flaw turns OWA inboxes into script launchpads

CVE-2026-42897 in on-prem Exchange OWA can enable arbitrary JavaScript execution via crafted emails, with emergency mitigation potentially breaking inline images and calendar printing.
Information security
fromThe Hacker News
22 hours ago

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

CVE-2026-42897 enables spoofing via cross-site scripting in on-premises Exchange Server, with active exploitation, mitigated by emergency service or EOMT.
[ Load more ]