CVE-2015-6061

2015-11-1111:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-6061

cross-site scripting

xss

microsoft

skype for business

lync

vulnerability

web security

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

92.0%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka “Server Input Validation Information Disclosure Vulnerability.”

CPENameOperatorVersion
microsoft:lyncmicrosoft lynceq2010
microsoft:skype_for_businessmicrosoft skype for businesseq2016
microsoft:lyncmicrosoft lynceq2013
microsoft:lync_room_systemmicrosoft lync room systemeq-

CPE	Name	Operator	Version
microsoft:lync	microsoft lync	eq	2010
microsoft:skype_for_business	microsoft skype for business	eq	2016
microsoft:lync	microsoft lync	eq	2013
microsoft:lync_room_system	microsoft lync room system	eq	-