The bug (CVE-2019-1460) would allow an attacker to perform cross-site scripting (XSS) attacks on the affected systems. Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks. Users should ensure that they have the latest version of the app, and update it manually if they haven t received an auto-update. It s listed as having a 5.6 out of 10 severity rating on the CVSS v.3 vulnerability scale.
Source: https://threatpost.com/microsoft-outlook-android-bug-xss/150528/