Cross-site Scripting Vulnerability Impacts Dynamics 365 (on-premises)
CVE-2024-38211

8.2HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 13 August 2024

Summary

A cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises) enables an attacker to inject arbitrary web script or HTML into a user's browser session. This could lead to unauthorized actions or exposure of sensitive information, as affected users may be tricked into executing scripts that compromise their security. It is crucial for organizations using Microsoft Dynamics 365 on-premises to apply necessary patches and updates to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 1.31

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed