Vulnerabilities > Microsoft > Lync Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-10 | CVE-2014-4068 | Improper Input Validation vulnerability in Microsoft Lync Server 2010/2013 The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability." | 5.0 |
| 2014-06-11 | CVE-2014-1823 | Cross-Site Scripting vulnerability in Microsoft Lync Server 2010/2013 Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability." | 4.3 |