{"uuid": "647e51b3-e143-47d9-b9c4-c6bddaeb368f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42897", "type": "seen", "source": "https://t.me/thehackernews/9009", "content": "\ud83d\udea8 On-prem Microsoft Exchange Server CVE-2026-42897 is under active exploitation.\n\nThe CVSS 8.1 spoofing flaw stems from XSS and can allow arbitrary JavaScript execution when crafted emails are opened in Outlook Web Access under certain conditions.\n\nRead: https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html", "creation_timestamp": "2026-05-15T07:03:19.000000Z"}