Cross-site Scripting Vulnerability Impacts Dynamics 365 (on-premises)
CVE-2024-38211

8.2HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-38211?

A cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises) enables an attacker to inject arbitrary web script or HTML into a user's browser session. This could lead to unauthorized actions or exposure of sensitive information, as affected users may be tricked into executing scripts that compromise their security. It is crucial for organizations using Microsoft Dynamics 365 on-premises to apply necessary patches and updates to mitigate potential exploitation of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 1.31

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 11, 2024

JSON

Microsoft