Cross-Site Scripting Vulnerability in Dynamics 365 Customer Voice by Microsoft
CVE-2026-47646

9.3CRITICAL

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
8 July 2026

What is CVE-2026-47646?

An improper neutralization of input during the web page generation process in Dynamics 365 Customer Voice allows unauthorized attackers to execute spoofing attacks over a network. This vulnerability can lead to various security risks, potentially compromising sensitive information and user accounts. Users of Dynamics 365 Customer Voice are advised to apply available patches and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Dynamics 365 Customer Voice -

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.