The Lync Server 2010 Web App page sends the User-Agent string of the web browser that makes a request. Because the string is not encoded in the output, it can be used maliciously to inject script into the webpage.
Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.