CVE-2015-6061Cross-site Scripting in Microsoft Lync

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
14.2%
top 5.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft LyncMicrosoft Skype FOR Business
Timeline
PublishedNov 11
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/lync2010, 2013+1
NVDmicrosoft/skype2016

🔴Vulnerability Details

2
GHSA
GHSA-7f3v-7hp2-fm7g: Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows2022-05-14
CVEList
CVE-2015-6061: Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows2015-11-11

💬Community

1
HackerOne
pngcrush double-free/segfault could result in DoS (CVE-2015-7700)2019-10-04
CVE-2015-6061 — Cross-site Scripting in Microsoft Lync | cvebase