Msrc Microsoft Dynamics 365 Version 9.0 vulnerabilities

CVE-2020-16861 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker w

CVE-2020-16871 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker w

CVE-2020-16878 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker w

CVE-2020-16864 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker w

CVE-2020-16859 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker w

CVE-2020-16858 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker w

CVE-2020-16860 [MEDIUM] Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated

CVE-2020-1591 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker wh

CVE-2020-1063 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker wh

CVE-2019-1375 [MEDIUM] Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker wh

CVE-2019-1229 [HIGH] Dynamics On-Premise Elevation of Privilege Vulnerability Dynamics On-Premise Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission

CVE-2019-1008 [MEDIUM] Microsoft Dynamics On-Premise Security Feature Bypass Microsoft Dynamics On-Premise Security Feature Bypass Description: A security feature bypass vulnerability exists in Dynamics On Premise. An attacker who exploited the vulnerability could send attachment types that are blocked by the email attachment system. To exploit the vulnerability, an attacker would need to capture and edit the POST request to include a special character in the extension. The update addresses the