CVE-2014-1823

Microsoft Lync Server <2013 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."

References (5)

[Vendor Advisory] http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx

[Third Party Advisory] http://secunia.com/advisories/58537

[VDB Entry] http://www.securityfocus.com/bid/67893

[VDB Entry] http://www.securitytracker.com/id/1030381

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-032

Scores

EPSS 0.2843

EPSS Percentile 96.5%

Details

CWE

CWE-79

Status published

Products (3)

microsoft/lync_server

n/a/n/a

Published Jun 11, 2014

Tracked Since Feb 18, 2026