Skype For Business
CVE-2019-0624
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
AnalysisAI
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype. Affected products include: Microsoft Skype For Business.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Skype For Business
View allThe font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1;
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; W
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, W
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 20
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; W
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 201
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today