XSS in Microsoft Lync_server

CVE-2015-2536

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.090 (92.8th percentile) — read the EPSS interpretation.