Cross-Site Scripting Vulnerability in Microsoft Lync and Skype for Business
CVE-2015-2531

Currently unrated

Key Information:

Vendor: Microsoft
Status: Lync Server; Skype For Business Server
Vendor: CVE Published:; 9 September 2015

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the jQuery engine of Microsoft Lync Server 2013 and Skype for Business Server 2015. This flaw allows remote attackers to inject and execute arbitrary web scripts or HTML content through specially crafted URLs. A successful exploitation can potentially result in unauthorized access to sensitive information, leading to information disclosure and increased risks for affected users.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1033497

vdb-entryx_refsource_SECTRACK

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 9, 2015
Vulnerability Reserved
Mar 19, 2015