CVE-2015-2536

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.3MEDIUM
EPSS
9.0%
top 7.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Lync ServerMicrosoft Skype FOR Business Server
Timeline
PublishedSep 9
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/skype2015

🔴Vulnerability Details

2
GHSA
GHSA-mgv9-6p6c-9c3v: Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary2022-05-14
CVEList
CVE-2015-2536: Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary2015-09-09
CVE-2015-2536 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io