Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2015-6061
HistoryNov 11, 2015 - 11:59 a.m.

CVE-2015-6061

2015-11-1111:59:33
CWE-79
microsoft
web.nvd.nist.gov
47
3
cve-2015-6061
cross-site scripting
xss
microsoft
skype for business
lync
vulnerability
web security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.044

Percentile

92.6%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka “Server Input Validation Information Disclosure Vulnerability.”

Affected configurations

Nvd
Node
microsoftlyncMatch2010x64
OR
microsoftlyncMatch2010x86
OR
microsoftlyncMatch2010attendee
OR
microsoftlyncMatch2013sp1x64
OR
microsoftlyncMatch2013sp1x86
OR
microsoftlync_room_systemMatch-
OR
microsoftskype_for_businessMatch2016
VendorProductVersionCPE
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:x64:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:x86:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:*:*:attendee:*:*:*
microsoftlync2013cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:x64:*
microsoftlync2013cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:x86:*
microsoftlync_room_system-cpe:2.3:a:microsoft:lync_room_system:-:*:*:*:*:*:*:*
microsoftskype_for_business2016cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*

Social References

More

Related

kaspersky 1
openvas 2
mskb 1
nessus 1
cvelist 1
prion 1
checkpoint_advisories 1
symantec 1
nvd 1
kaspersky
kaspersky
KLA10693 Information disclosure vulnerability in Microsoft Lync & Skype for Business
2015-11-10 00:00:00
openvas
openvas
Microsoft Lync Attendee Information Disclosure Vulnerability (3105872)
2015-11-11 00:00:00
Microsoft Lync Information Disclosure Vulnerability (3105872)
2015-11-11 00:00:00
mskb
mskb
MS15-123: Security update for Skype for Business and Lync to address information disclosure: November 10, 2015
2015-11-10 00:00:00
nessus
nessus
MS15-123: Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
2015-11-11 00:00:00
cvelist
cvelist
CVE-2015-6061
2015-11-11 11:00:00
prion
prion
Information disclosure
2015-11-11 11:59:00
checkpoint_advisories
checkpoint_advisories
Microsoft Lync and Skype for Business Security Bypass (MS15-123: CVE-2015-6061)
2015-12-15 00:00:00
symantec
symantec
Microsoft Skype for Business and Lync Server CVE-2015-6061 Security Bypass Vulnerability
2015-11-10 00:00:00
nvd
nvd
CVE-2015-6061
2015-11-11 11:59:33

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.044

Percentile

92.6%

JSON
Related for CVE-2015-6061
kaspersky1openvas2mskb1nessus1cvelist1prion1checkpoint_advisories1symantec1nvd1