CVE-2015-6061

Description

Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka Server Input Validation Information Disclosure Vulnerability.

Risk Information

Base Score

6.1

MODERATE

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

14.161

Associated Vulnerability

Vulnerability	OS Platform
Security Update for Skype for Business 2015 (KB3101496) 32-Bit Edition	Windows
Security Update for Skype for Business 2015 (KB3101496) 64-Bit Edition	Windows
Security Update for Microsoft Lync 2010 (32 -bit) (KB3096735)	Windows
Security Update for Microsoft Lync 2010 Attendee (Admin level install) (KB3096738)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-19421	Security Update for Skype for Business 2015 (KB3101496) 32-Bit Edition
PATCH-19422	Security Update for Skype for Business 2015 (KB3101496) 64-Bit Edition
PATCH-19425	Security Update for Microsoft Lync 2010 Attendee (Admin level install) (KB3096738)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234