Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Lync Server / Skype for Business crossite scripting
Published:15.09.2015
Source:
SecurityVulns ID:14692
Type:remote
Threat Level:
5/10
Description:Multiple crossite scripting possibilities.
Affected:MICROSOFT : Lync Server 2013
 MICROSOFT : Skype for Business Server 2015
CVE:CVE-2015-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability.")
 CVE-2015-2532 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability.")
 CVE-2015-2531 (Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability.")
Files: Microsoft Security Bulletin MS15-104 - Important Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod