Microsoft Dynamics 365 vulnerabilities
87 known vulnerabilities affecting microsoft/dynamics_365.
Total CVEs
87
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH23MEDIUM61LOW2
Vulnerabilities
Page 4 of 5
CVE-2020-17147MEDIUMCVSS 5.4v8.2v9.02020-12-10
CVE-2020-17147 [MEDIUM] CWE-79 CVE-2020-17147: Dynamics CRM Webclient Cross-site Scripting Vulnerability
Dynamics CRM Webclient Cross-site Scripting Vulnerability
nvd
CVE-2020-17018MEDIUMCVSS 5.4v9.02020-11-11
CVE-2020-17018 [MEDIUM] CWE-79 CVE-2020-17018: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
nvd
CVE-2020-17021MEDIUMCVSS 5.4v9.02020-11-11
CVE-2020-17021 [MEDIUM] CWE-79 CVE-2020-17021: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
nvd
CVE-2020-17005MEDIUMCVSS 5.4v9.02020-11-11
CVE-2020-17005 [MEDIUM] CWE-79 CVE-2020-17005: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
nvd
CVE-2020-16978MEDIUMCVSS 5.4v9.02020-10-16
CVE-2020-16978 [MEDIUM] CWE-79 CVE-2020-16978: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-16956MEDIUMCVSS 5.4v8.2v9.02020-10-16
CVE-2020-16956 [MEDIUM] CWE-79 CVE-2020-16956: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-16862HIGHCVSS 8.8v9.02020-09-11
CVE-2020-16862 [HIGH] CVE-2020-16862: <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the ser
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account.
An authenticated attacker could exploit this vulnerability by s
nvd
CVE-2020-16860HIGHCVSS 8.8v9.02020-09-11
CVE-2020-16860 [HIGH] CVE-2020-16860: <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the ser
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account.
An authenticated attacker could exploit this vulnerability by s
nvd
CVE-2020-16859MEDIUMCVSS 5.4v9.02020-09-11
CVE-2020-16859 [MEDIUM] CWE-79 CVE-2020-16859: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-16878MEDIUMCVSS 5.4v8.2v9.02020-09-11
CVE-2020-16878 [MEDIUM] CWE-79 CVE-2020-16878: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-16871MEDIUMCVSS 5.4v8.2v9.02020-09-11
CVE-2020-16871 [MEDIUM] CWE-79 CVE-2020-16871: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-16864MEDIUMCVSS 5.4v9.02020-09-11
CVE-2020-16864 [MEDIUM] CWE-79 CVE-2020-16864: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-16858MEDIUMCVSS 5.4v9.02020-09-11
CVE-2020-16858 [MEDIUM] CWE-79 CVE-2020-16858: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-16861MEDIUMCVSS 5.4v8.2v9.02020-09-11
CVE-2020-16861 [MEDIUM] CWE-79 CVE-2020-16861: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-16872MEDIUMCVSS 5.4v9.02020-09-11
CVE-2020-16872 [MEDIUM] CWE-79 CVE-2020-16872: <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not pr
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vu
nvd
CVE-2020-1591MEDIUMCVSS 5.4v9.02020-08-17
CVE-2020-1591 [MEDIUM] CWE-79 CVE-2020-1591: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not prope
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who successfully exploited the vuln
nvd
CVE-2020-1063MEDIUMCVSS 5.4v8.2v9.02020-05-21
CVE-2020-1063 [MEDIUM] CWE-79 CVE-2020-1063: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not prope
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
nvd
CVE-2018-8654MEDIUMCVSS 6.5v8.02020-01-24
CVE-2018-8654 [MEDIUM] CWE-269 CVE-2018-8654: An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dyna
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'.
nvd
CVE-2020-0656MEDIUMCVSS 5.4v7.02020-01-14
CVE-2020-0656 [MEDIUM] CWE-79 CVE-2020-0656: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not prope
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
nvd
CVE-2019-1375MEDIUMCVSS 5.4≥ 9.0, < 9.0.9.42019-10-10
CVE-2019-1375 [MEDIUM] CWE-79 CVE-2019-1375: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not prope
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
nvd