Unrated severityNVD Advisory· Published Sep 9, 2015· Updated May 6, 2026

CVE-2015-2531

Description

Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."

Affected products

Microsoft/Lync Server
cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*
Microsoft/Skype For Business Server
cpe:2.3:a:microsoft:skype_for_business_server:2015:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1033497nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-104nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000