PT-2019-2157 · Microsoft · Skype For Business Server+2

Suresh C

Published

2019-01-15

Updated

2020-08-24

CVE-2019-0624

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Skype for Business 2015 (affected versions not specified)

Description A spoofing issue exists due to improper sanitization of specially crafted requests. This could allow a remote attacker to perform a cross-site scripting attack using a specially crafted request. The issue is related to the lack of protection for the web page structure in Microsoft Lync Server and Skype for Business Server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2019-01923

CVE-2019-0624

Affected Products

Lync Server

Skype For Business 2015

Skype For Business Server

PT-2019-2157 · Microsoft · Skype For Business Server+2

CVE-2019-0624

Weakness Enumeration

Related Identifiers

Affected Products

References · 5