Lync Server Security Vulnerabilities and Issues — Lync Server CVE List

Lucene search

MicrosoftLync Server

5 matches found

CVE•added 2015/09/09 12:59 a.m.•56 views

CVE-2015-2536

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."

4.3CVSS5.2AI score0.10443EPSS

CVE•added 2015/09/09 12:59 a.m.•55 views

CVE-2015-2531

Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."

4.3CVSS5AI score0.15202EPSS

CVE•added 2014/06/11 4:56 a.m.•44 views

CVE-2014-1823

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."

4.3CVSS5.5AI score0.2598EPSS

CVE•added 2014/09/10 1:55 a.m.•40 views

CVE-2014-4070

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."

4.3CVSS4.9AI score0.18344EPSS

CVE•added 2015/09/09 12:59 a.m.•38 views

CVE-2015-2532

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability."

4.3CVSS4.9AI score0.11186EPSS