Cross-site scripting (XSS) vulnerability through User-Agent header in Lync Server 2010

Applies To

Lync Server 2010 Enterprise Edition Lync Server 2010 Standard Edition

Symptoms

The Lync Server 2010 Web App page sends the User-Agent string of the web browser that makes a request. Because the string is not encoded in the output, it can be used maliciously to inject script into the webpage.

Resolution

To fix this issue, install the April 2016 cumulative update 4.0.7577.728 for Lync Server 2010, Web Components Server.

SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Cross-site scripting (XSS) vulnerability through User-Agent header in Lync Server 2010

Symptoms

Resolution

Need more help?

Want more options?

Was this information helpful?

Thank you for your feedback!