3 matches found
CVE-2015-2531
CVE-2015-2531 is an XSS vulnerability in the jQuery engine used by Microsoft Lync Server 2013 and Skype for Business Server 2015. The issue allows an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted URL, potentially exposing session information and enabling sc...
MS15-104: Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)
The remote Windows host is missing a security update. It is, therefore, affected by multiple cross-site scripting vulnerabilities in Skype for Business Server and Lync Server : - A cross-site scripting vulnerability exists in Skype for Business Server and Lync Server due to a failure by the jQuer...
KLA10657 Multiple vulnerabilities in Microsoft communication services
Improper content sanitization at jQuery engine and other vectors were found in Lync Server and Skype for Business Server. By exploiting these vulnerabilities malicious users can gain privileges or obtain sensitive information. These vulnerabilities can be exploited remotely via a specially design...