Microsoft Lync Server Cross Site Scripting Vulnerabilities

Summary

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka ‘Lync XSS Information Disclosure Vulnerability.’

Details

Vulnerable Systems:
 * Microsoft Lync Server 2013

Microsoft Lync Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to obtain sensitive information from web sessions.

CVE Information:
CVE-2014-4070

Disclosure Timeline:
Original release date: 09/09/2014
Last revised: 09/10/2014

Categories: Windows