Cross-site Scripting Vulnerability Affects Microsoft Dynamics 365 (On-premises)
CVE-2024-21419
7.6HIGH
Summary
A cross-site scripting vulnerability exists in Microsoft Dynamics 365 (on-premises) that could allow an attacker to execute arbitrary scripts in the context of a user's session. By exploiting this vulnerability, an unauthorized user could potentially gain access to sensitive information, manipulate user sessions, or redirect users to malicious websites. It is essential for organizations using affected versions of Microsoft Dynamics 365 to assess their security posture and apply the necessary mitigations to prevent exploitation.
Affected Version(s)
Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 9.1.26
References
CVSS V3.1
Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre DatabaseMicrosoft Feed