Cross Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises)
CVE-2020-0656
5.4MEDIUM
Key Information:
- Vendor
- Microsoft
- Vendor
- CVE Published:
- 14 January 2020
Summary
A cross site scripting vulnerability exists in Microsoft Dynamics 365 (on-premises) that arises from improper sanitization of specially crafted web requests. This flaw could allow an attacker to execute arbitrary scripts in the context of a user's session, potentially leading to unauthorized data access or manipulation. Organizations using affected versions of Dynamics 365 should apply security updates recommended by Microsoft to mitigate the risks associated with this vulnerability.
Affected Version(s)
Dynamics 365 Field Service (on-premises) v7 series = unspecified
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved