CVE-2025-49745
published 2025-08-12CVE-2025-49745: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to…
medium5.4CVSS 3.1
AVNACLPRNUIRSUCLILAN
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | dynamics_365 | >= 9.1 < 9.1.38.10 | 9.1.38.10 |
| microsoft | microsoft_dynamics_365_version_9.1 | >= 9.0 < 9.1.38.10 | 9.1.38.10 |
| msrc | microsoft_dynamics_365_version_9.1 | — | — |