CVE-2014-4070

Name of the Vulnerable Software and Affected Versions Microsoft Lync Server 2013

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. This is related to incorrect handling of specially crafted content, which can lead to the execution of scripts in a user's browser and access to web session information.

Recommendations For Microsoft Lync Server 2013, consider disabling the Web Components Server as a temporary workaround until a patch is available. Restrict access to the server to minimize the risk of exploitation. Avoid using crafted URLs that could trigger the XSS issue until the problem is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.