Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Cross-site scripting (XSS) vulnerability through User-Agent header in Lync Server 2010


View products that this article applies to.

Symptoms

The Lync Server 2010 Web App page sends the User-Agent string of the web browser that makes a request. Because the string is not encoded in the output, it can be used maliciously to inject script into the webpage. 

↑ Back to the top


Resolution

To fix this issue, install the April 2016 cumulative update 4.0.7577.728 for Lync Server 2010, Web Components Server.

↑ Back to the top


Keywords: kbsurveynew, kbtshoot, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 3155850
Revision : 1
Created on : 1/7/2017
Published on : 5/20/2016
Exists online : False
Views : 264