Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2024-21327

7.6HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Dynamics 365 Customer Engagement V9.1
Vendor
CVE Published:
13 February 2024

Summary

The vulnerability in Microsoft Dynamics 365 Customer Engagement allows an attacker to execute arbitrary scripts within the context of a user’s session. This type of cross-site scripting issue can compromise user data and facilitate unauthorized actions, posing significant security threats for organizations utilizing this platform. Secure coding practices and regular updates are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft Dynamics 365 Customer Engagement V9.1 Unknown 9.0 < 9.1.25.17

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed
.