Vulnerability Description
Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script or HTML via an instant-message session, aka "Server Input Validation Information Disclosure Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Lync | 2010 |
| Microsoft | Lync Room System | - |
| Microsoft | Skype For Business | 2016 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1034126
- http://www.securitytracker.com/id/1034127
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-12
- http://www.securitytracker.com/id/1034126
- http://www.securitytracker.com/id/1034127
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-12
FAQ
What is CVE-2015-6061?
CVE-2015-6061 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script o...
How severe is CVE-2015-6061?
CVE-2015-6061 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6061?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Lync, Microsoft Lync Room System, Microsoft Skype For Business.