jQuery Engine XSS Vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015

jQuery Engine XSS Vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015

CVE-2015-2531 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."

Learn more about our Web App Pen Testing.