98 matches found
CVE-2022-21957
CVE-2022-21957 affects Microsoft Dynamics 365 (on-premises) / Dynamics CRM on-premises. The provided sources confirm a remote code execution vulnerability in Microsoft Dynamics 365 On-Premises, with CVSS3.1 base score 7.2 (HIGH) and CVSS2 base score 6.5 (MEDIUM). Concrete technical details (affec...
CVE-2024-21419
Microsoft Dynamics 365 (on-premises) 9.1 is affected by a Cross-site Scripting (XSS) vulnerability (CVE-2024-21419). The issue concerns the web UI and a vulnerability in the product’s handling of input that can spoof UI and potentially affect confidentiality/integrity. CVSS details from sources: ...
CVE-2022-23259
CVE-2022-23259 is a remote code execution vulnerability in Microsoft Dynamics 365 On-Premises. The affected product area is Dynamics 365 (on-premises) and the underlying issue enables an attacker over a network to execute arbitrary code with user-authorized privileges; authenticated access is req...
CVE-2024-21328
The CVE-2024-21328 entry concerns a spoofing vulnerability in Microsoft Dynamics 365 on-premises, specifically affecting the Dynamics 365 Sales component. Publicly connected documents indicate the issue can enable an attacker to spoof the user interface or pretend to be another user, with indicat...
CVE-2024-21327
CVE-2024-21327 is a Cross-Site Scripting vulnerability in Microsoft Dynamics 365 Customer Engagement (on-premises and related deployments). The NVD/NCSC/NASES sources indicate an XSS risk that can affect Dynamics 365 Customer Engagement V9.1 and Dynamics 365 on-premises 9.1, with Microsoft noting...
CVE-2024-21396
CVE-2024-21396 is a spoofing vulnerability in Microsoft Dynamics 365 Sales (on‑premises), enabling pre‑authentication user spoofing. Multiple sources (NCSC mapping, Nessus plugin) describe a network‑accessible issue with high impact on confidentiality and a required user interaction for exploitat...
CVE-2024-21394
CVE-2024-21394 is a spoofing vulnerability in Microsoft Dynamics 365 Field Service (on-premises) where an attacker can remotely spoof the user interface. The CVSS 3.1 vector indicates network access, low attack complexity, low privileges required, but user interaction is needed, with confidential...
CVE-2024-21393
CVE-2024-21393 is a Microsoft Dynamics 365 (on-premises) Cross-site Scripting (XSS) vulnerability. The CVSSv3.1 vector indicates NETWORK attack vector, LOW attack complexity, LOW privileges required, user interaction is REQUIRED, and the impact on confidentiality is HIGH with no availability impa...
CVE-2024-21389
CVE-2024-21389 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The incident affects the on‑premises deployment (noted in multiple sources) and is classified with CVSSv3.1 base score 7.6 (HIGH) with network access, low attack complexity, user interaction required, ...
CVE-2024-21395
CVE-2024-21395 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The linked CNVD/CNNVD entries describe exploitation to steal cookie-based credentials and, per ENISA/NCSC advisories, affects Dynamics 365 on-premises with multiple related CVEs. The vulnerability is b...
CVE-2020-16943
CVE-2020-16943 affects Microsoft Dynamics 365 Commerce. An unauthenticated attacker could elevate privileges and update data by sending a specially crafted request; exploitation relies on bypassing/violating authorization checks. The issue is addressed by a security update that corrects how Dynam...
CVE-2020-16956
CVE-2020-16956 is an XSS vulnerability in Microsoft Dynamics 365 (on‑premises) caused by improper sanitization of specially crafted web requests. An authenticated attacker could send crafted requests to an affected Dynamics server, execute scripts in the browser context of the current user, read ...
CVE-2020-16978
Microsoft Dynamics 365 (on‑premises) is affected by CVE-2020-16978, a cross‑site scripting (XSS) vulnerability. The issue arises when Dynamics Server does not properly sanitize specially crafted web requests, allowing an authenticated attacker to execute scripts in the context of the current user...
CVE-2020-17152
CVE-2020-17152 affects Microsoft Dynamics 365 for Finance and Operations (on-premises). The connected sources describe a remote code execution vulnerability arising from incorrect code generation management, enabling an attacker to execute arbitrary code on the affected system. The CVSSv3 base sc...
CVE-2020-17158
CVE-2020-17158 affects Microsoft Dynamics 365 for Finance and Operations (on‑premises). It is a remote‑code‑execution vulnerability reported by Microsoft; exploitation is described as post‑authentication/privilege‑required. Microsoft has issued updates via the MSRC advisory CVE-2020-17158 to fix ...
CVE-2023-21778
CVE-2023-21778 corresponds to a Microsoft Dynamics Unified Service Desk remote code execution vulnerability. The connected PT-2023-1796 describes the issue as related to incorrect code generation management in Microsoft Dynamics 365 Unified Service Desk, enabling a remote attacker to execute arbi...
CVE-2021-34524
CVE-2021-34524 is a Microsoft Dynamics 365 (on-premises) Remote Code Execution vulnerability. The CVE is reflected in multiple feeds as affecting Microsoft Dynamics 365 On-Premises (versions around 9.x per CNNVD) and is addressed by Microsoft security updates (KBs 4618795, 4618809, 5005239) and M...
CVE-2022-35805
CVE-2022-35805 affects Microsoft Dynamics CRM (on-premises). An authenticated attacker can abuse a trusted solution package to execute arbitrary SQL commands, enabling escalation and execution of commands as the db_owner within the Dynamics 365 database (remote code execution). Public sources des...
CVE-2019-1008
CVE-2019-1008 corresponds to a security feature bypass in Microsoft Dynamics 365 (on-premises). Multiple sources confirm an unauthenticated remote attacker could bypass security controls to perform restricted operations. Affected are Dynamics On-Premises installations with versions cited in Nessu...
CVE-2021-42316
CVE-2021-42316 is a Microsoft Dynamics 365 (on-premises) remote code execution vulnerability affecting on-premises deployments, specifically Dynamics 365 (on-premises) versions 9.0 and 9.1. The connected sources confirm an RCE flaw that could allow an attacker to execute arbitrary code on the tar...
CVE-2023-21570
Microsoft Dynamics 365 (on‑premises) is affected by a Cross‑site Scripting (XSS) vulnerability described as insufficient protection of the web page structure. Public details in connected sources (PT-2023-1437, CNNVD) indicate affected versions include Dynamics 365 on‑premises (9.0/9.1) with the X...
CVE-2023-28309
CVE-2023-28309 affects Microsoft Dynamics 365 (on-premises) and is a Cross-site Scripting vulnerability. ENISA/NCSC notes it enables a remote attacker to exploit XSS to execute code in the victim’s browser and potentially access sensitive data; attack vector is network with user interaction requi...
CVE-2023-24921
CVE-2023-24921 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). Connected sources confirm the issue affects Microsoft Dynamics 365 (on-premises) versions 9.0 and 9.1 and is associated with UI spoofing and information disclosure risks (XSS) in the on-premises deploy...
CVE-2023-35389
CVE-2023-35389 affects Microsoft Dynamics 365 (on-premises) with a remote code execution vulnerability. Multiple connected sources confirm this is an On-Premises issue impacting Dynamics 365 on version 9.x, including Business Central/On-Prem deployments, and describe exploit pathways ...
CVE-2023-21807
CVE-2023-21807 relates to a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). Public documentation confirms affected products as Microsoft Dynamics 365 (on-premises) versions around 9.0/9.1 with a CVSS v3.1 base score of 6.5 (Network, High attack complexity, User interac...
CVE-2023-24896
CVE-2023-24896 affects Microsoft Dynamics 365 Finance, described as a spoofing vulnerability that could allow an attacker to impersonate another user. Public sources consistently label Dynamics 365 Finance as the affected product and summarize the impact as UI spoofing/impersonation. The initial ...
CVE-2022-21932
CVE-2022-21932 impacts Microsoft Dynamics 365 Customer Engagement (V9.0, V9.1) and is a reported Cross-Site Scripting (XSS) vulnerability. The core issue is an XSS weakness in the product’s web interface that, per the CVE entry, has a CVSS base score of 7.6 (HIGH) in the Microsoft-provided vector...
CVE-2021-28461
CVE-2021-28461 is a documented Cross-site Scripting (XSS) vulnerability affecting Microsoft Dynamics 365 for Finance and Operations. Connected sources confirm the flaw targets the Dynamics 365 for Finance and Operations web interface, enabling spoofing of the user interface and potential executio...
CVE-2020-17147
CVE-2020-17147 is a cross-site scripting vulnerability affecting Microsoft Dynamics 365 on-premises / Dynamics CRM Webclient. Public records identify the flaw as an XSS risk in the Dynamics CRM Webclient that can spoof UI or exfiltrate data due to improper input validation. The CVE is linked to M...
CVE-2021-36950
CVE-2021-36950 is a Microsoft Dynamics 365 (on‑premises) Cross-site Scripting Vulnerability affecting (per CNVD) Dynamics 365 on‑premises version 9.0. The available sources consistently describe it as an XSS issue enabling UI spoofing. The concrete root cause details are not provided in the docum...
CVE-2023-24891
CVE-2023-24891 is a Microsoft Dynamics 365 (on-premises) Cross-site Scripting vulnerability. Affected products include Dynamics 365 on-premises versions 9.0 and 9.1. The vulnerability is a client-side XSS issue that, when combined with an authenticated user and user interaction, can allow an atta...
CVE-2023-24879
CVE-2023-24879 affects Microsoft Dynamics 365 (on-premises) (versions 9.0 and 9.1). The connected sources describe a Cross-site Scripting vulnerability in Dynamics 365 on-premises, enabling an attacker to impersonate a user and access data (per NCSC’s vulnerability breakdown). The root cause is n...
CVE-2023-36016
CVE-2023-36016 refers to a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The issue affects Dynamics 365 on-premises and is associated with the ability of an attacker to perform XSS, with impact described as potentially high confidentiality impact in related scores, t...
CVE-2023-24920
CVE-2023-24920 affects Microsoft Dynamics 365 (on‑premises). The vulnerability is a Cross‑Site Scripting issue in the on‑premises deployment; exploitation could lead to impersonation or data exposure via a crafted request/UI context. Affected versions listed by multiple sources include Dynamics 3...
CVE-2019-1229
CVE-2019-1229 affects Microsoft Dynamics 365 On-Premises (Dynamics On-Premise) v9. An elevation-of-privilege vulnerability exists allowing a user with permission to author customized business rules to persist XAML scripts that could be interpreted as code, enabling the attacker to gain control of...
CVE-2023-36031
CVE-2023-36031 is a Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability affecting Dynamics 365 on-premises versions 9.x (notably 9.0/9.1). The root cause is an XSS flaw allowing remote exploitation that could spoof UI or expose sensitive information. Microsoft outlines service...
CVE-2022-34700
CVE-2022-34700 is a Microsoft Dynamics CRM (on-premises) RCE vulnerability. An authenticated user could apply a crafted trusted solution package to execute arbitrary SQL commands, potentially escalating to db_owner on the Dynamics 365 database. The CVSS 3.1 base score is 8.8 (HIGH) with network a...
CVE-2023-21573
CVE-2023-21573 in Microsoft Dynamics 365 (on-premises) is a documented Cross-site Scripting (XSS) vulnerability. The NVD entry lists a CVSS v3.1 base score of 5.4 (Medium) with network attack vector, low complexity, low privileges required, and user interaction needed. The impact is limited to co...
CVE-2021-41354
CVE-2021-41354 is a Microsoft Dynamics 365 (on-premises) Cross-site Scripting vulnerability. The connected sources confirm the vulnerability affects Dynamics 365 (on-premises) and classify it as a cross-site scripting issue with CVSS 3.1 base score 5.4 (MEDIUM), vector: NETWORK, high-level impact...
CVE-2023-28314
Microsoft Dynamics 365 (on-premises) contains a Cross-site Scripting vulnerability tracked as CVE-2023-28314 affecting Dynamics 365 (on-premises) versions 9.0 and 9.1. Exploitation could allow an attacker to execute code in the victim’s browser context and potentially access sensitive data (per E...
CVE-2021-24101
CVE-2021-24101 – Microsoft Dataverse Information Disclosure Vulnerability: Connected sources identify this CVE as a Microsoft Dataverse information-disclosure issue. The PT-security entry notes insufficient input validation and remote access to protected information, but no specific affected ver...
CVE-2023-24922
Microsoft Dynamics 365 (on‑premises) contains an information disclosure vulnerability tracked as CVE-2023-24922 affecting on‑premises deployments (versions 9.0 and 9.1). The issue is described as a vulnerability that can allow an attacker to obtain sensitive information. Several connected sources...
CVE-2023-24919
CVE-2023-24919 refers to a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). Affected are Dynamics 365 on-premises v9.0 and v9.1. The NVD entry lists CVSS 3.1/3.1 vector: Network, Low attack complexity, Privileges Required Low, User Interaction Required, Scope Changed, w...
CVE-2020-0656
CVE-2020-0656 describes a cross-site scripting vulnerability in Microsoft Dynamics 365 on-premises (notably Dynamics 365 Field Service on-premises v7 series) caused by improper sanitization of specially crafted web requests. An authenticated attacker could exploit this to perform XSS in the user’...
CVE-2023-21571
CVE-2023-21571 is a Microsoft Dynamics 365 (on-premises) Cross-site Scripting vulnerability affecting Dynamics 365 on-premises versions 9.0 and 9.1. The issue is confirmed in multiple sources and has a CVSS v3.1 base score of 5.4 (Medium) with network access required and user interaction. Remedia...
CVE-2023-36030
CVE-2023-36030 affects Microsoft Dynamics 365 Sales. A spoofing/impersonation vulnerability exists that could allow an attacker to impersonate another user. CVSS base score 6.1 (medium); attack vector Network, user interaction required. Affected product scope includes Microsoft Dynamics 365 Sale...
CVE-2020-17021
CVE-2020-17021 applies to Microsoft Dynamics 365 (on-premises) and is a Cross-site Scripting (XSS) vulnerability arising from inadequate protection of the web page structure that can allow a malicious user to execute script in the context of the current authenticated user. Affected products/versi...
CVE-2020-1591
CVE-2020-1591 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises) caused by insufficient sanitization of specially crafted web requests to a Dynamics server. An authenticated attacker could exploit this to execute scripts in the security context of the current user, po...
CVE-2023-21572
CVE-2023-21572 affects Microsoft Dynamics 365 (on-premises) with a cross-site scripting vulnerability. The NVD entry documents a CVSS v3.1 base score of 6.5 (Network, Low attack complexity, User interaction required) and notes the vulnerability as a Microsoft Dynamics 365 (on‑premises) XSS issue....
CVE-2023-36410
CVE-2023-36410 affects Microsoft Dynamics 365 (on-premises) with a cross-site scripting (XSS) vulnerability. Public sources in the connected documents confirm the issue is an XSS vulnerability in on-prem Dynamics 365, capable of spoofing user interfaces and potentially exposing credentials. The p...