Microsoft Dynamics 365 vulnerabilities

87 known vulnerabilities affecting microsoft/dynamics_365.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL1HIGH23MEDIUM61LOW2

Vulnerabilities

Page 1 of 5

CVE-2025-62211HIGHCVSS 8.7fixed in 8.8.139.3982025-11-11

CVE-2025-62211 [HIGH] CWE-79 CVE-2025-62211: Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

nvd

CVE-2025-62210HIGHCVSS 8.7fixed in 8.8.139.3982025-11-11

CVE-2025-62210 [HIGH] CWE-79 CVE-2025-62210: Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

nvd

CVE-2025-62206MEDIUMCVSS 6.5≥ 9.1, < 9.1.41.072025-11-11

CVE-2025-62206 [MEDIUM] CWE-200 CVE-2025-62206: Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) a Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-53728MEDIUMCVSS 6.5≥ 9.1, < 9.1.39.042025-08-12

CVE-2025-53728 [MEDIUM] CWE-200 CVE-2025-53728: Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) a Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-49745MEDIUMCVSS 5.4≥ 9.1, < 9.1.38.102025-08-12

CVE-2025-49745 [MEDIUM] CWE-79 CVE-2025-49745: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dy Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.

nvd

CVE-2024-43476MEDIUMCVSS 5.4fixed in 9.1.322024-09-10

CVE-2024-43476 [HIGH] CWE-79 CVE-2024-43476: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

nvd

CVE-2024-38211HIGHCVSS 8.2v9.12024-08-13

CVE-2024-38211 [HIGH] CWE-601 CVE-2024-38211: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

nvd

CVE-2024-38182CRITICALCVSS 9.8v7.02024-07-31

CVE-2024-38182 [CRITICAL] CWE-1390 CVE-2024-38182: Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileg Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.

nvd

CVE-2024-30061HIGHCVSS 7.3v9.12024-07-09

CVE-2024-30061 [HIGH] CWE-285 CVE-2024-30061: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

nvd

CVE-2024-35263MEDIUMCVSS 5.7v9.12024-06-11

CVE-2024-35263 [MEDIUM] CWE-200 CVE-2024-35263: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

nvd

CVE-2024-30048MEDIUMCVSS 4.1≥ 10.0.0, < 1.38813.802024-05-14

CVE-2024-30048 [HIGH] CWE-79 CVE-2024-30048: Dynamics 365 Customer Insights Spoofing Vulnerability Dynamics 365 Customer Insights Spoofing Vulnerability

cvelistv5nvd

CVE-2024-30047MEDIUMCVSS 4.1≥ 10.0.0, < 1.38813.802024-05-14

CVE-2024-30047 [HIGH] CWE-79 CVE-2024-30047: Dynamics 365 Customer Insights Spoofing Vulnerability Dynamics 365 Customer Insights Spoofing Vulnerability

cvelistv5nvd

CVE-2024-21419MEDIUMCVSS 5.4≥ 9.1, < 9.1.262024-03-12

CVE-2024-21419 [HIGH] CWE-79 CVE-2024-21419: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

nvd

CVE-2024-21393HIGHCVSS 7.6≥ 9.1, < 9.1.25.172024-02-13

CVE-2024-21393 [HIGH] CWE-79 CVE-2024-21393: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

nvd

CVE-2024-21395HIGHCVSS 8.2≥ 9.1, < 9.1.25.172024-02-13

CVE-2024-21395 [HIGH] CWE-79 CVE-2024-21395: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

nvd

CVE-2024-21327HIGHCVSS 7.6≥ 9.1, < 9.1.25.172024-02-13

CVE-2024-21327 [HIGH] CWE-79 CVE-2024-21327: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

nvd

CVE-2024-21389HIGHCVSS 7.6≥ 9.1, < 9.1.25.172024-02-13

CVE-2024-21389 [HIGH] CWE-79 CVE-2024-21389: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

nvd

CVE-2023-35621HIGHCVSS 7.5v10.0.37v10.0.382023-12-12

CVE-2023-35621 [HIGH] CWE-799 CVE-2023-35621: Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

nvd

CVE-2023-36020MEDIUMCVSS 5.4≥ 9.0, < 9.0.51.06≥ 9.1, < 9.1.23.102023-12-12

CVE-2023-36020 [HIGH] CWE-79 CVE-2023-36020: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

nvd

CVE-2023-36030MEDIUMCVSS 6.1≥ 9.0, < 9.0.51.06≥ 9.1, < 9.1.23.102023-11-14

CVE-2023-36030 [MEDIUM] CWE-79 CVE-2023-36030: Microsoft Dynamics 365 Sales Spoofing Vulnerability Microsoft Dynamics 365 Sales Spoofing Vulnerability

nvd

1 / 5Next →