Un Authenticated Attacker Can Trick Users to Click on Spoofing Links
CVE-2024-38166
8.2HIGH
Key Information:
- Vendor
- Microsoft
- Vendor
- CVE Published:
- 6 August 2024
Summary
A cross-site scripting vulnerability exists in Microsoft Dynamics 365 that allows attackers to exploit improper input handling during web page generation. By crafting a malicious link, an unauthenticated attacker can deceive a user into clicking on it, potentially compromising user interactions with the application. This could lead to unauthorized actions by exploiting the trust of the user in the affected product. Implementing proper input validation and user education can help mitigate the risks associated with this vulnerability.
Affected Version(s)
Dynamics CRM Service Portal Web Resource Unknown
References
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published