CVE-2015-2536

Currently unrated

Key Information:

Vendor: Microsoft
Status: Lync Server; Skype For Business Server
Vendor: CVE Published:; 9 September 2015

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1033497

vdb-entryx_refsource_SECTRACK

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 9, 2015
Vulnerability Reserved
Mar 19, 2015