Microsoft : Security Vulnerabilities, CVEs, Published In 2016 (XSS)

CVE-2016-7282

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
6.1
EPSS Score
1.10%
Published
2016-12-20
Updated
2018-10-12

CVE-2016-7280

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206.
Max CVSS
6.1
EPSS Score
17.50%
Published
2016-12-20
Updated
2018-10-12

CVE-2016-7251

Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."
Max CVSS
6.1
EPSS Score
3.02%
Published
2016-11-10
Updated
2018-10-12

CVE-2016-7239

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
3.1
EPSS Score
2.88%
Published
2016-11-10
Updated
2018-10-12

CVE-2016-7206

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.
Max CVSS
6.1
EPSS Score
17.50%
Published
2016-12-20
Updated
2018-10-12

CVE-2016-3379

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."
Max CVSS
6.1
EPSS Score
3.02%
Published
2016-09-14
Updated
2018-10-12

CVE-2016-3273

The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
37.43%
Published
2016-07-13
Updated
2018-10-12

CVE-2016-3212

The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
Max CVSS
6.1
EPSS Score
2.28%
Published
2016-06-16
Updated
2018-10-12

CVE-2016-0039

Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
Max CVSS
6.1
EPSS Score
4.31%
Published
2016-02-10
Updated
2018-10-12

CVE-2016-0032

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
Max CVSS
6.1
EPSS Score
0.71%
Published
2016-01-13
Updated
2020-04-09

CVE-2016-0031

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.
Max CVSS
6.1
EPSS Score
0.71%
Published
2016-01-13
Updated
2020-04-09

CVE-2016-0030

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
Max CVSS
6.1
EPSS Score
0.71%
Published
2016-01-13
Updated
2020-04-09

CVE-2016-0029

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.
Max CVSS
6.1
EPSS Score
0.71%
Published
2016-01-13
Updated
2020-04-09

CVE-2016-0011

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2015-6117.
Max CVSS
5.4
EPSS Score
0.12%
Published
2016-01-13
Updated
2018-10-12

CVE-2015-6117

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2016-0011.
Max CVSS
6.1
EPSS Score
0.73%
Published
2016-01-13
Updated
2018-10-12
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close