Cross-Site Scripting Vulnerability in Microsoft Account by Microsoft
CVE-2026-21264
9.3CRITICAL
What is CVE-2026-21264?
A cross-site scripting vulnerability exists in Microsoft Account due to improper input neutralization during web page generation. An unauthorized attacker could exploit this flaw to perform spoofing attacks, allowing them to manipulate user interactions and potentially mislead users into revealing sensitive information over a network. This vulnerability emphasizes the need for stringent input validation measures to secure user interactions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Microsoft Account -
References
CVSS V3.1
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved