XSS in Microsoft Lync_server
CVE-2014-4070
Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.183 (95.4th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Lync_server — versions 2013
- N/a — versions n/a
Weakness classification (CWE)
References
- 1030821 (vdb-entry, x_refsource_SECTRACK)
- ms-lync-cve20144070-info-disc(95546) (vdb-entry, x_refsource_XF)
- MS14-055 (x_refsource_MS, vendor-advisory)
- 69579 (vdb-entry, x_refsource_BID)