Msrc Microsoft Dynamics 365 Version 9.1 vulnerabilities
45 known vulnerabilities affecting msrc/microsoft_dynamics_365_version_9.1.
Total CVEs: 45
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 22, MEDIUM 23
Vulnerabilities
Page 2 of 3
CVE-2023-36429 | MEDIUM | CVSS 6.5 | 2023-10-10
CVE-2023-36429 [MEDIUM] CWE-643 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: What type of information could be disclosed by this vulnerability?
The type of inf
msrc
CVE-2023-36416 | MEDIUM | CVSS 6.1 | 2023-10-10
CVE-2023-36416 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?
Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.
FAQ: According t
CVE-2023-36886 | HIGH | CVSS 7.6 | 2023-09-12
CVE-2023-36886 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity
CVE-2023-38164 | HIGH | CVSS 7.6 | 2023-09-12
CVE-2023-38164 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would
CVE-2023-33171 | HIGH | CVSS 8.2 | 2023-07-11
CVE-2023-33171 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean f
CVE-2023-35335 | HIGH | CVSS 8.2 | 2023-07-11
CVE-2023-35335 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?
There could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies o
CVE-2023-28309 | HIGH | CVSS 7.6 | 2023-04-11
CVE-2023-28309 [HIGH] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope chang
CVE-2023-28314 | MEDIUM | CVSS 6.1 | 2023-04-11
CVE-2023-28314 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?
Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.
FAQ: A
CVE-2023-24919 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24919 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope cha
CVE-2023-24922 | MEDIUM | CVSS 6.5 | 2023-03-14
CVE-2023-24922 [MEDIUM] CWE-643 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
This vulnerability causes a verbose error message that could provide an attacker with enough information to construct a malicious payload.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerabili
CVE-2023-24891 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24891 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?
Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.
FAQ: A
CVE-2023-24920 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24920 [MEDIUM] CWE-352 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an emai
CVE-2023-24921 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24921 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction wou
CVE-2023-24879 | MEDIUM | CVSS 5.4 | 2023-03-14
CVE-2023-24879 [MEDIUM] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the
CVE-2023-21573 | MEDIUM | CVSS 5.4 | 2023-02-14
CVE-2023-21573 [MEDIUM] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:
CVE-2023-21571 | MEDIUM | CVSS 5.4 | 2023-02-14
CVE-2023-21571 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that m
CVE-2023-21570 | MEDIUM | CVSS 5.4 | 2023-02-14
CVE-2023-21570 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An
CVE-2023-21572 | MEDIUM | CVSS 6.5 | 2023-02-14
CVE-2023-21572 [MEDIUM] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for
CVE-2023-21807 | MEDIUM | CVSS 6.5 | 2023-02-14
CVE-2023-21807 [MEDIUM] CWE-79 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: According to the CVSS metric, user interaction is
CVE-2022-23259 | HIGH | CVSS 8.8 | 2022-04-12
CVE-2022-23259 [HIGH] Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db_owner within their Dynamics CRM database.