CVE-2026-47631 HIGH

CVE-2026-47631: Microsoft Exchange Server Spoofing Vulnerability

Vendor Microsoft
Product Microsoft Exchange Server 2016 Cumulative Update 23
Weakness CWE-79 · XSS
Published June 9, 2026
Last update June 15, 2026
View on NVD All CVEs

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 15, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-9048 y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting CVE-2026-26997 ClipBucket v5 has Stored XSS via Collection name CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue CVE-2021-36832 WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability CVE-2023-25024 WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)