CVSS: 4.3EPSS: 21%CPEs: 2EXPL: 0CVE-2015-2536
https://notcve.org/view.php?id=CVE-2015-2536
Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability." Vulnerabilidad de XSS en Microsoft Lync Server 2013 y Skype para Business Server 2015, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL manipulada, también conocida como 'Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability.' • http://www.securitytracker.com/id/1033497 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 18%CPEs: 2EXPL: 0CVE-2015-2531
https://notcve.org/view.php?id=CVE-2015-2531
Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability." Vulnerabilidad de XSS en el motor jQuery en Microsoft Lync Server 2013 y Skype para Business Server 2015, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como 'Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability.' • http://www.securitytracker.com/id/1033497 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 144EXPL: 0CVE-2009-4741
https://notcve.org/view.php?id=CVE-2009-4741
Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors. Vulnerabilidad no específica en Extras Manager anteriores a v2.0.0.67 en Skype anteriores a v4.1.0.179 en Windows, tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/37012 http://www.securityfocus.com/bid/36459 https://developer.skype.com/WindowsSkype/ReleaseNotes#head-21c1b2583e7cc405f994ca162d574fb15a6e986b •
CVSS: 9.3EPSS: 43%CPEs: 5EXPL: 0CVE-2008-0454
https://notcve.org/view.php?id=CVE-2008-0454
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." Vulnerabilidad de secuencias de comandos en zonas cruzadas en el control web Internet Explorer de Skype 3.6.0.244, y versiones anteriores 3.5.x y 3.6.x en Windows, permite a atacantes remotos con la complicidad del usuario inyectar secuencias de comandos web o HTML de su elección en la Zona de Máquina Local mediante el campo Title de un (1) Dailymotion y posiblemente (2) una película Metacafe en la galería de vídeos de Skype, accesible a través de una búsqueda dentro del diálogo "Add video to chat", también conocido como "videomood XSS". • http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html http://skype.com/security/skype-sb-2008-001-update1.html http://skype.com/security/skype-sb-2008-001.html http://www.critical.lt/?opinions/show/1470 http://www.gnucitizen.org/blog/vulnerabilit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 2%CPEs: 3EXPL: 0CVE-2006-2312
https://notcve.org/view.php?id=CVE-2006-2312
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. • http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0549.html http://secunia.com/advisories/20154 http://www.kb.cert.org/vuls/id/466428 http://www.osvdb.org/25658 http://www.securityfocus.com/archive/1/434707/30/4860/threaded http://www.securityfocus.com/bid/18038 http://www.skype.com/security/skype-sb-2006-001.html http://www.vupen.com/english/advisories/2006/1871 https://exchange.xforce.ibmcloud.com/vulnerabilities/26557 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •