Originally published at: CVE-2026-42897: Exchange Server XSS exploited against Outlook on the web — mitigation via EEMS - ToolsLib Blog
CVE-2026-42897 is an actively exploited XSS spoofing flaw in Microsoft Exchange Server targeting Outlook on the web. No patch yet—enable Exchange Emergency Mitigation Service (EEMS) and monitor Microsoft’s advisories.
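
To confirm that EEMS is actually enabled and running on each server, the following audit script can be run from the Exchange Management Shell. It is an added example, not code from the original post or from Microsoft; `$ExpectedMitigation` is a placeholder for the mitigation ID named in Microsoft's advisory, which this page does not give.

```powershell
# Added example: audit Exchange Emergency Mitigation Service (EEMS) state.
# Run in the Exchange Management Shell (Windows PowerShell 5.1).
# Placeholder: replace with the mitigation ID from Microsoft's advisory.
$ExpectedMitigation = '<MITIGATION-ID-FROM-ADVISORY>'

# Organization-wide switch; when $false, no server applies mitigations.
$orgEnabled = (Get-OrganizationConfig).MitigationsEnabled

# EEMS runs on Mailbox servers, not on Edge Transport servers.
$servers = Get-ExchangeServer | Where-Object { $_.ServerRole -match 'Mailbox' }

$report = foreach ($server in $servers) {
    # The EEMS Windows service is named MSExchangeMitigation.
    $svc = Get-Service -ComputerName $server.Name -Name MSExchangeMitigation `
        -ErrorAction SilentlyContinue

    $applied = @($server.MitigationsApplied)
    $blocked = @($server.MitigationsBlocked)

    $issues = @()
    if (-not $orgEnabled)                { $issues += 'disabled at organization level' }
    if (-not $server.MitigationsEnabled) { $issues += 'disabled on this server' }
    if (-not $svc)                       { $issues += 'service not found or unreachable' }
    elseif ($svc.Status -ne 'Running')   { $issues += "service is $($svc.Status)" }
    if ($blocked -contains $ExpectedMitigation) {
        $issues += 'expected mitigation is blocked'
    }
    elseif ($applied -notcontains $ExpectedMitigation) {
        $issues += 'expected mitigation not applied'
    }

    [pscustomobject]@{
        Server  = $server.Name
        Applied = $applied -join ', '
        Blocked = $blocked -join ', '
        Issues  = if ($issues) { $issues -join '; ' } else { 'none' }
    }
}

$report | Format-Table -AutoSize -Wrap

# To enable EEMS where the report shows it disabled:
#   Set-OrganizationConfig -MitigationsEnabled $true
#   Set-ExchangeServer -Identity <ServerName> -MitigationsEnabled $true
```

A server that reports the expected mitigation as not applied despite EEMS being enabled and running may lack outbound connectivity to Microsoft's mitigation endpoint or the IIS URL Rewrite module, both of which EEMS depends on.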