Lucene search
HistoryJun 11, 2014 - 4:56 a.m.
CVE-2014-1823
cve-2014-1823
cross-site scripting
xss
web components server
microsoft lync server 2010
microsoft lync server 2013
remote attackers
content sanitization vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.846 High
EPSS
Percentile
98.5%
Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka “Lync Server Content Sanitization Vulnerability.”
Affected configurations
Node
microsoftlync_serverMatch2010
ORmicrosoftlync_serverMatch2013
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:lync_server | microsoft lync server | eq | 2010 |
| microsoft:lync_server | microsoft lync server | eq | 2013 |
Related
nessus
nessus
securityvulns
securityvulns
Microsoft Lync information leakage
2014-07-14 00:00:00
nvd
nvd
CVE-2014-1823
2014-06-11 04:56:18
cvelist
cvelist
CVE-2014-1823
2014-06-11 01:00:00
symantec
symantec
Microsoft Lync Server CVE-2014-1823 Information Disclosure Vulnerability
2014-06-10 00:00:00
prion
prion
Cross site scripting
2014-06-11 04:56:00
openvas
openvas
Microsoft Lync Server Information Disclosure Vulnerability (2969258)
2014-06-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Lync Server Information Disclosure (MS14-032; CVE-2014-1823)
2014-06-10 00:00:00
kaspersky
kaspersky
KLA10609 Multiple vulnerabilities in Microsoft Lync Server
2014-09-09 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.846 High
EPSS
Percentile
98.5%
Related for CVE-2014-1823