| Vulnerability Name: | CVE-2015-6061 (CCN-107662) |
| Assigned: | 2015-11-10 |
| Published: | 2015-11-10 |
| Updated: | 2018-10-12 |
| Summary: | Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure Vulnerability." |
| CVSS v3 Severity: | 8.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N); 7.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: MITRE, Type: CNA, CVE-2015-6061; Source: CCN, Type: Microsoft Security Bulletin MS15-123, Security Update for Skype for Business and Lync to Address Information Disclosure (3105872); Source: SECTRACK, Type: UNKNOWN, 1034126; Source: SECTRACK, Type: UNKNOWN, 1034127; Source: MS, Type: UNKNOWN, MS15-123; Source: XF, Type: UNKNOWN, ms-lync-cve20156061-sec-bypass(107662) |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |