#outlook-web-access-owa

[ follow ]
#on-premises-exchange #cve-2026-42897 #cross-site-scripting #emergency-mitigation #microsoft-exchange-server
Information security
fromtheregister
15 hours ago

Exploited Exchange Server flaw turns OWA inboxes into script launchpads

CVE-2026-42897 in on-prem Exchange OWA can enable arbitrary JavaScript execution via crafted emails, with emergency mitigation potentially breaking inline images and calendar printing.
Information security
fromSecurityWeek
15 hours ago

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

CVE-2026-42897 is a spoofing and XSS Exchange zero-day exploited via crafted emails, requiring immediate mitigations until a permanent patch is available.
[ Load more ]