CVE-2023-36030

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 54.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Microsoft Microsoft Dynamics 365 (on-premises) Version 9.0 Microsoft Microsoft Dynamics 365 (on-premises) Version 9.1 Microsoft Dynamics 365

Timeline

PublishedNov 14

Description

Microsoft Dynamics 365 Sales Spoofing Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDmicrosoft/dynamics_3659.0 — 9.0.51.06+1

▶CVEListV5microsoft/microsoft_dynamics_365_(on-premises)_version_9.09.0.0 — 9.0.51.06

▶CVEListV5microsoft/microsoft_dynamics_365_(on-premises)_version_9.19.0 — 9.1.23.10

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

2

CVEList

Microsoft Dynamics 365 Sales Spoofing Vulnerability↗2023-11-14

▶

GHSA

GHSA-j9pw-9wpv-54j6: Microsoft Dynamics 365 Sales Spoofing Vulnerability↗2023-11-14

▶

📋Vendor Advisories

1

Microsoft

Microsoft Dynamics 365 Sales Spoofing Vulnerability↗2023-11-14

▶

CVE-2023-36030 (MEDIUM CVSS 6.1) | Microsoft Dynamics 365 Sales Spoofi | cvebase.io