2 matches found
CVE-2025-21396
CVE-2025-21396: A Microsoft Account elevation-of-privilege vulnerability caused by missing authorization could allow an unauthenticated attacker to elevate privileges over the network. Affected component is the Microsoft Account service; root cause is missing authorization checks that enable priv...
CVE-2026-21264
CVE-2026-21264 concerns improper neutralization of input during web page generation (XSS) in Microsoft Account, enabling a network-based spoofing scenario. The vulnerability affects Microsoft Account web page rendering and can lead to spoofing without listed exploitation likelihood in the provide...