Информационная безопасность
[RU] switch to English


Межсайтовый скриптинг в Microsoft Lync Server / Skype for Business
Опубликовано:15 сентября 2015 г.
Источник:
SecurityVulns ID:14692
Тип:удаленная
Уровень опасности:
5/10
Описание:Различные возможности межсайтового скриптинга.
Затронутые продукты:MICROSOFT : Skype for Business Server 2015
 MICROSOFT : Lync Server 2013
CVE:CVE-2015-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability.")
 CVE-2015-2532 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability.")
 CVE-2015-2531 (Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability.")
Файлы: Microsoft Security Bulletin MS15-104 - Important Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород