cbcvebase.

Msrc Microsoft Dynamics 365 Version 9.1 vulnerabilities

45 known vulnerabilities affecting msrc/microsoft_dynamics_365_version_9.1.

Total CVEs: 45
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 22, MEDIUM 23

Vulnerabilities

Page 1 of 3
CVE-2025-62206 | MEDIUM | CVSS 6.5 | 2025-11-11
CWE-200: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Description: Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker
msrc
CVE-2025-53728 | MEDIUM | CVSS 6.5 | 2025-08-12
CWE-200: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Description: Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would hav
msrc
CVE-2025-49745 | MEDIUM | CVSS 5.4 | 2025-08-12
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Description: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confiden
msrc
CVE-2024-43476 | HIGH | CVSS 7.6 | 2024-09-10
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to navigate to a page with malicious content to be compromised by the attacker.
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of i
msrc
CVE-2024-38211 | HIGH | CVSS 8.2 | 2024-08-13
CWE-601: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
FAQ: According to the CVSS metric, a suc
msrc
CVE-2024-30061 | HIGH | CVSS 7.3 | 2024-07-09
CWE-285: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker must be on the network to monitor domain network traffic (PR:L) while monitoring for user (UI:R) generated network traffic, or alternatively tha
msrc
CVE-2024-35263 | MEDIUM | CVSS 5.7 | 2024-06-11
CWE-200: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: What type of information could be disclosed by this vulnerability? This vulnerabil
msrc
CVE-2024-21419 | HIGH | CVSS 7.6 | 2024-03-12
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker with read/write privileges must send a victim a malicious email, or share the link to a malicious email, and convince them to open it.
FAQ: Accordin
msrc
CVE-2024-21389 | HIGH | CVSS 7.6 | 2024-02-13
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean f
msrc
CVE-2024-21328 | HIGH | CVSS 7.6 | 2024-02-13
CWE-79: Dynamics 365 Sales Spoofing Vulnerability
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authentica
msrc
CVE-2024-21394 | HIGH | CVSS 7.6 | 2024-02-13
CWE-79: Dynamics 365 Field Service Spoofing Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that
msrc
CVE-2024-21395 | HIGH | CVSS 8.2 | 2024-02-13
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity
msrc
CVE-2024-21393 | HIGH | CVSS 7.6 | 2024-02-13
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
FAQ: According to the CVSS metric, successful exploitation of this v
msrc
CVE-2024-21396 | HIGH | CVSS 7.6 | 2024-02-13
CWE-79: Dynamics 365 Sales Spoofing Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What
msrc
CVE-2023-36020 | HIGH | CVSS 7.6 | 2023-12-12
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
FAQ: According to the CVSS metric, privil
msrc
CVE-2023-36410 | HIGH | CVSS 7.6 | 2023-11-14
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity
msrc
CVE-2023-36031 | HIGH | CVSS 7.6 | 2023-11-14
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
FAQ: According to the CVSS metric, user i
msrc
CVE-2023-36030 | MEDIUM | CVSS 6.1 | 2023-11-14
CWE-79: Microsoft Dynamics 365 Sales Spoofing Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this
msrc
CVE-2023-36016 | MEDIUM | CVSS 6.2 | 2023-11-14
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean
msrc
CVE-2023-36433 | MEDIUM | CVSS 6.5 | 2023-10-10
CWE-643: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: What type of information could be disclosed by this vulnerability? The type of inf
msrc