CVE-2014-4070 in Microsoft Lyncinfo

Summary

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."

Reservation

06/12/2014

Disclosure

09/09/2014

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
67517Microsoft Lync Script Reflected cross site scripting79UnprovenOfficial fixCVE-2014-4070

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!