
Msrc Microsoft Dynamics 365 Version 9.0 vulnerabilities

52 known vulnerabilities affecting msrc/microsoft_dynamics_365_version_9.0.

Total CVEs: 52
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 18, MEDIUM 34

Vulnerabilities

Page 1 of 3
CVE-2023-36020 | HIGH | CVSS 7.6 | 2023-12-12
CVE-2023-36020 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. FAQ: According to the CVSS metric, privil
msrc
CVE-2023-36030 | MEDIUM | CVSS 6.1 | 2023-11-14
CVE-2023-36030 [MEDIUM] CWE-79 Microsoft Dynamics 365 Sales Spoofing Vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would need to click on a specially crafted URL that could present a popup box requesting additional user input. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this
msrc
CVE-2023-36016 | MEDIUM | CVSS 6.2 | 2023-11-14
CVE-2023-36016 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean
msrc
CVE-2023-36433 | MEDIUM | CVSS 6.5 | 2023-10-10
CVE-2023-36433 [MEDIUM] CWE-643 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: What type of information could be disclosed by this vulnerability? The type of inf
msrc
CVE-2023-36429 | MEDIUM | CVSS 6.5 | 2023-10-10
CVE-2023-36429 [MEDIUM] CWE-643 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: What type of information could be disclosed by this vulnerability? The type of inf
msrc
CVE-2023-36416 | MEDIUM | CVSS 6.1 | 2023-10-10
CVE-2023-36416 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code. FAQ: According t
msrc
CVE-2023-36886 | HIGH | CVSS 7.6 | 2023-09-12
CVE-2023-36886 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity
msrc
CVE-2023-38164 | HIGH | CVSS 7.6 | 2023-09-12
CVE-2023-38164 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would
msrc
CVE-2023-35389 | MEDIUM | CVSS 6.5 | 2023-08-08
CVE-2023-35389 [MEDIUM] CWE-611 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email
msrc
CVE-2023-33171 | HIGH | CVSS 8.2 | 2023-07-11
CVE-2023-33171 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean f
msrc
CVE-2023-35335 | HIGH | CVSS 8.2 | 2023-07-11
CVE-2023-35335 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability? There could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies o
msrc
CVE-2023-28309 | HIGH | CVSS 7.6 | 2023-04-11
CVE-2023-28309 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would need to click on a specially crafted URL that could present a popup box requesting additional user input. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope chang
msrc
CVE-2023-28314 | MEDIUM | CVSS 6.1 | 2023-04-11
CVE-2023-28314 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker. FAQ: A
msrc
CVE-2023-24919 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24919 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would need to click on a specially crafted URL that could present a popup box requesting additional user input. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope cha
msrc
CVE-2023-24922 | MEDIUM | CVSS 6.5 | 2023-03-14
CVE-2023-24922 [MEDIUM] CWE-643 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. FAQ: What type of information could be disclosed by this vulnerability? This vulnerability causes a verbose error message that could provide attacker with enough information to construct a malicious payload. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerabili
msrc
CVE-2023-24891 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24891 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker. FAQ: A
msrc
CVE-2023-24920 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24920 [MEDIUM] CWE-352 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an emai
msrc
CVE-2023-24921 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24921 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction wou
msrc
CVE-2023-24879 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24879 [MEDIUM] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the
msrc
CVE-2023-21573 | MEDIUM | CVSS 5.4 | 2023-02-14
CVE-2023-21573 [MEDIUM] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would need to click on a specially crafted URL that could present a popup box requesting additional user input. FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:
msrc