PT-2019-1597 · Microsoft · Skype For Business Server+1

Published

2019-03-12

Updated

2020-08-24

CVE-2019-0798

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Lync Server and Skype for Business Server (affected versions not specified)

Description A spoofing issue exists due to improper sanitization of specially crafted requests. This could allow a remote attacker to perform a cross-site scripting attack using a specially crafted request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-87CWE-79

Related Identifiers

BDU:2019-01139

CVE-2019-0798

Affected Products

Lync Server

Skype For Business Server

PT-2019-1597 · Microsoft · Skype For Business Server+1

CVE-2019-0798

Weakness Enumeration

Related Identifiers

Affected Products

References · 4