Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."
5AI Score
0.027EPSS
Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."
5.2AI Score
0.033EPSS
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
5.4CVSS
5.3AI Score
0.001EPSS
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.
6.1CVSS
6.2AI Score
0.001EPSS
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.To exploit this vulnerability, an ...
9.8CVSS
9.3AI Score
0.004EPSS
6.5CVSS
6.6AI Score
0.001EPSS
6.5CVSS
6.6AI Score
0.002EPSS
6.5CVSS
6.7AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.013EPSS
5.3CVSS
5.5AI Score
0.001EPSS
6.5CVSS
6.8AI Score
0.015EPSS
7.2CVSS
7.5AI Score
0.01EPSS
7.2CVSS
7.2AI Score
0.004EPSS
7.2CVSS
7.2AI Score
0.004EPSS
7.2CVSS
7.2AI Score
0.004EPSS
5.7CVSS
6.2AI Score
0.0005EPSS