Lucene search
K
MicrosoftDynamics 365

99 matches found

CVE
CVE
added 2021/10/13 12:28 a.m.95 views

CVE-2021-41353

CVE-2021-41353 affects Microsoft Dynamics 365 (on-premises). Connected sources confirm a spoofing vulnerability in the Dynamics 365 on-premises deployment, with UI/representation issues enabling spoofing. Affected versions referenced by external advisories include Dynamics 365 on‑premises (notabl...

5.4CVSS5.6AI score0.00899EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.94 views

CVE-2023-36410

CVE-2023-36410 affects Microsoft Dynamics 365 (on-premises) with a cross-site scripting (XSS) vulnerability. Public sources in the connected documents confirm the issue is an XSS vulnerability in on-prem Dynamics 365, capable of spoofing user interfaces and potentially exposing credentials. The p...

7.6CVSS6.2AI score0.00938EPSS
CVE
CVE
added 2024/08/13 5:30 p.m.93 views

CVE-2024-38211

CVE-2024-38211 affects Microsoft Dynamics 365 (on‑premises) version 9.1. The connected sources describe a Cross‑Site Scripting (XSS) vulnerability that could lead to theft of cookies or session data and potential UI spoofing. Remediation is available via security updates for Dynamics 365 on‑premi...

8.2CVSS8AI score0.00941EPSS
CVE
CVE
added 2023/07/11 5:3 p.m.92 views

CVE-2023-35335

CVE-2023-35335 affects Microsoft Dynamics 365 (on‑premises) and is a Cross‑site Scripting vulnerability (XSS). The NVD/MSR describe a network‑accessible issue with user interaction required, CVSS v3.1 base score 8.2 (High) and a changelog indicating a security fix in Microsoft Dynamics updates. C...

8.2CVSS7.9AI score0.00803EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.91 views

CVE-2020-16862

CVE-2020-16862 is a remote code execution vulnerability in Microsoft Dynamics 365 (on-premises). The issue arises when the Dynamics server fails to properly sanitize and validate web requests, allowing an authenticated attacker to exploit a crafted request and execute arbitrary code in the contex...

8.8CVSS8.6AI score0.0335EPSS
CVE
CVE
added 2020/05/21 10:52 p.m.89 views

CVE-2020-1063

CVE-2020-1063 is an authenticated-cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The Red Hat and Microsoft advisories corroborate that an attacker with valid authentication could exploit specially crafted web requests to run script in the user’s browser, reading or al...

5.4CVSS5.2AI score0.01414EPSS
CVE
CVE
added 2023/07/11 5:3 p.m.89 views

CVE-2023-33171

Microsoft Dynamics 365 (on-premises) contains CVE-2023-33171, a cross-site scripting vulnerability in its web interface. The NVD entry lists CVSS: base 6.1 (Network, Low attack complexity, No privileges, User interaction required, Confidentiality Low, Integrity Low, Availability None) with a prac...

8.2CVSS6.3AI score0.00673EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.88 views

CVE-2018-8605

Microsoft Dynamics 365 (on-premises), version 8.x prior to 8.2.3.0008, is affected by multiple vulnerabilities including cross-site scripting (CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608) and other issues (CVE-2018-8654, CVE-2018-8609). The Nessus entry consolidates affected versio...

5.4CVSS5.2AI score0.01413EPSS
CVE
CVE
added 2024/07/31 11:0 p.m.88 views

CVE-2024-38182

CVE-2024-38182 is a Microsoft Dynamics 365 elevation-of-privilege vulnerability described as weak authentication that allows an unauthenticated, network-based attacker to escalate privileges. Connected sources confirm the issue affects Microsoft Dynamics 365 Field Service On-Premises version 7 (o...

9.8CVSS9.2AI score0.00884EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.87 views

CVE-2020-16860

CVE-2020-16860 affects Microsoft Dynamics 365 (on-premises). It describes a remote code execution vulnerability where the server fails to properly sanitize web requests to the Dynamics server, potentially allowing an authenticated attacker to run arbitrary code in the context of the SQL service a...

8.8CVSS8.3AI score0.02689EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.87 views

CVE-2020-16878

Summary of CVE-2020-16878 : A cross-site scripting vulnerability affects Microsoft Dynamics 365 (on-premises) where a specially crafted web request is not properly sanitized. An authenticated attacker could exploit this by sending such a request to an affected Dynamics server, enabling XSS that r...

5.4CVSS5.9AI score0.0164EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.86 views

CVE-2018-8609

CVE-2018-8609 is a remote code execution vulnerability in Microsoft Dynamics 365 (on-premises) version 8 . The server fails to properly sanitize web requests to the affected Dynamics server, allowing an authenticated attacker to execute arbitrary code in the context of the SQL service account by ...

8.8CVSS9.2AI score0.08719EPSS
CVE
CVE
added 2020/01/24 8:50 p.m.85 views

CVE-2018-8654

CVE-2018-8654 is an elevation-of-privilege flaw in Microsoft Dynamics 365 Server (on-premises). An authenticated attacker can impersonate another Dynamics CRM user by sending a specially crafted request, abusing input validation/sanitization weaknesses. Microsoft released a fix in Update 8.2.3 (K...

6.5CVSS6.4AI score0.01763EPSS
CVE
CVE
added 2021/10/13 12:26 a.m.85 views

CVE-2021-40457

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting vulnerability (CVE-2021-40457) affects Microsoft Dynamics 365 Customer Engagement components; multiple sources (NVD, CNNVD, PRION, KLA) confirm XSS and potential UI spoofing aspects. Affected products include Dynamics 365 Customer En...

7.4CVSS6.9AI score0.01545EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.85 views

CVE-2023-36886

CVE-2023-36886 applies to Microsoft Dynamics 365 (on-premises) and is a cross-site scripting vulnerability in the on-premises deployment. Connected sources corroborate this as the same CVE and identify affected Dynamics 365 on-premises products. Microsoft published fixes via Service Update 1.21 f...

7.6CVSS6.2AI score0.00875EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.85 views

CVE-2023-38164

CVE-2023-38164 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises) . The NVD/CNA data indicate a network-exposed issue where the attacker can compromise browser context via XSS, with user interaction required. The impact is mainly on confidentiality (HIGH in CNA metric...

7.6CVSS6.2AI score0.00858EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.84 views

CVE-2024-30061

CVE-2024-30061 — Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. The vulnerability affects the on‑premises Dynamics 365 product and is classified with a CVSSv3.1 base score of 7.3 (HIGH): Network access, low attack complexity, required user interaction, and low privileg...

7.3CVSS7AI score0.01373EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.83 views

CVE-2020-16858

CVE-2020-16858 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The issue arises when Dynamics Server does not properly sanitize a specially crafted web request, allowing an authenticated attacker to execute script in the user’s browser and access or modify data wi...

5.4CVSS5.9AI score0.0164EPSS
CVE
CVE
added 2020/11/11 6:48 a.m.82 views

CVE-2020-17018

CVE-2020-17018 is a Cross-site Scripting (XSS) vulnerability affecting Microsoft Dynamics 365 (on‑premises). Connected sources indicate affected products include Microsoft Dynamics 365 (on‑premises) v9.0, Microsoft Dynamics CRM 2015 (on‑premises) v7.0, and Microsoft Dynamics 365 (on‑premises) v8....

5.4CVSS5.2AI score0.01326EPSS
CVE
CVE
added 2024/09/10 4:54 p.m.81 views

CVE-2024-43476

CVE-2024-43476 : A cross-site scripting vulnerability exists in Microsoft Dynamics 365 (on-premises). The root cause is improper validation of user-supplied input before rendering it to users, leading to potential cookie-based credential theft and other XSS impacts. The CVSS v3.1 base score is 7....

7.6CVSS6.2AI score0.0084EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.80 views

CVE-2018-8608

CVE-2018-8608 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises) 8.x caused by improper sanitization of a specially crafted web request to an affected Dynamics server. Affected software is Microsoft Dynamics 365 (on-premises) version 8 prior to 8.2.3.0008. The vulnera...

5.4CVSS5.2AI score0.01413EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.80 views

CVE-2020-16859

Summary for CVE-2020-16859 (Microsoft Dynamics 365 on-premises): A cross‑site scripting vulnerability arises from improper sanitization of a crafted web request to Dynamics Server. An authenticated attacker could trigger XSS in the user’s browser, running scripts in the context of the logged‑in u...

5.4CVSS5.9AI score0.0164EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.79 views

CVE-2020-16861

The CVE-2020-16861 entry describes a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (on‑premises) caused by improper sanitization of a crafted web request. An authenticated attacker could exploit this to run scripts in the current user’s browser, read restricted content, imper...

5.4CVSS5.9AI score0.016EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.79 views

CVE-2023-36429

CVE-2023-36429 affects Microsoft Dynamics 365 (On-Premises). It is an information-disclosure vulnerability in the Dynamics 365 On-Premises deployment that could allow an attacker to obtain sensitive information. According to the CVE metrics, it has CVSS v3.1 base score 6.5 (Medium) with a Network...

6.5CVSS6.4AI score0.02037EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.78 views

CVE-2020-16871

CVE-2020-16871: Microsoft Dynamics 365 (on-premises) contains a cross-site scripting vulnerability due to improper sanitization of crafted web requests. An authenticated attacker could send a specially crafted request to an affected Dynamics server and execute script in the security context of th...

5.4CVSS5.9AI score0.0164EPSS
CVE
CVE
added 2020/11/11 6:48 a.m.78 views

CVE-2020-17005

CVE-2020-17005 is a Cross-site Scripting (XSS) vulnerability in Microsoft Dynamics 365 (on-premises). Public details describe an issue where the web page structure was not adequately protected, enabling an attacker to execute script in the context of a logged-in user. Affected products include Dy...

5.4CVSS5.2AI score0.01326EPSS
CVE
CVE
added 2023/12/12 6:10 p.m.77 views

CVE-2023-35621

CVE-2023-35621 is a Denial-of-Service vulnerability affecting Microsoft Dynamics 365 for Finance and Operations (on‑premises). The issue is exposed over the network and can be triggered remotely to impact availability; CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base 7.5, HIGH). Connect...

7.5CVSS7.5AI score0.02339EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.76 views

CVE-2018-8606

MODE C: Affected product is Microsoft Dynamics 365 (on-premises) 8.x. The issue is a Cross-Site Scripting vulnerability caused by improper sanitization of certain web requests to the Dynamics server (CVE-2018-8606). Impact is web-based script execution in a user’s browser session when a user is e...

5.4CVSS5.2AI score0.01413EPSS
CVE
CVE
added 2019/10/10 1:28 p.m.75 views

CVE-2019-1375

CVE-2019-1375 affects Microsoft Dynamics 365 (on-premises), specifically version 9.0. The vulnerability is a cross-site scripting (XSS) flaw caused by improper sanitization of specially crafted web requests to the Dynamics server. An authenticated attacker could execute script in the context of t...

5.4CVSS5AI score0.01456EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.75 views

CVE-2023-36800

CVE-2023-36800 is an XSS vulnerability affecting Microsoft Dynamics 365 (on-premises) / Dynamics 365 for Finance and Operations (on-premises) — specifically versions 9.0 and 9.1. The root cause is described as insufficient protection of the web page structure, enabling remote exploitation to spoo...

7.6CVSS6.3AI score0.00698EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.72 views

CVE-2020-16864

CVE-2020-16864 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The root cause is insufficient sanitization of specially crafted web requests to the Dynamics server, enabling an authenticated attacker to run scripts in the browser in the context of the current user...

5.4CVSS5.9AI score0.016EPSS
CVE
CVE
added 2020/09/11 5:8 p.m.72 views

CVE-2020-16872

CVE-2020-16872 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). An authenticated attacker could send a specially crafted web request to an affected Dynamics server, triggering XSS and executing script in the security context of the currently authenticated user. Imp...

7.6CVSS7AI score0.01814EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.69 views

CVE-2026-42833

CVE-2026-42833 affects Microsoft Dynamics 365 on-premises. The description indicates an"execution with unnecessary privileges" vulnerability that enables an authorized attacker to execute remote code over the network, with impact including full code execution on the affected system. The available...

9.1CVSS6.2AI score0.00748EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.68 views

CVE-2023-36416

CVE-2023-36416 is a Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability affecting the web UI. Public sources describe an XSS flaw that could allow an attacker to steal cookie-based authentication credentials or spoof the user interface. CVSS v3.1 indicates network access with ...

6.1CVSS6.2AI score0.0081EPSS
CVE
CVE
added 2023/12/12 6:10 p.m.66 views

CVE-2023-36020

CVE-2023-36020 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). Connected sources confirm an XSS flaw that can be exploited remotely to spoof the user interface, affecting Microsoft Dynamics 365 (on-premises) versions 9.0 and 9.1 (and related Platform/Finance & Ope...

7.6CVSS6.2AI score0.00995EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.66 views

CVE-2023-36433

CVE-2023-36433 affects Microsoft Dynamics 365 (on-premises) 9.0 and 9.1 with an information-disclosure vulnerability. Root cause details are not fully specified in the provided documents, but the impact is access to sensitive data. CVSSv3.1 metrics: Network attack, low complexity, user interactio...

6.5CVSS6.4AI score0.01923EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.66 views

CVE-2026-40371

Technical details (affected product/component, root cause, and fix) are not publicly available in the provided documents. Monitor for updates.

8.8CVSS5.5AI score0.0063EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.65 views

CVE-2018-8607

CVE-2018-8607 describes a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (on-premises) 8.x . The issue arises because the web server does not properly sanitize a specially crafted web request to an affected Dynamics server. Affected product/version: Microsoft Dynamics 365 (on-...

5.4CVSS5.2AI score0.01413EPSS
CVE
CVE
added 2026/06/18 9:42 p.m.65 views

CVE-2026-47647

CVE-2026-47647 relates to Microsoft Dynamics 365 and involves an improper access control that enables an authorized attacker to perform a network-based privilege escalation. The CVSS 3.1 metrics indicate a high-severity, network-exposed issue with low attack complexity and low privileges required...

9.9CVSS5.3AI score0.00426EPSS
CVE
CVE
added 2025/06/20 1:4 a.m.45 views

CVE-2025-49715

CVE-2025-49715 relates to an information disclosure in Microsoft Dynamics 365 FastTrack Implementation Assets. Affected product: Dynamics 365 FastTrack Implementation Assets. The description states that private personal information can be exposed to an unauthorized actor over a network, indicatin...

7.5CVSS7.2AI score0.00685EPSS
CVE
CVE
added 2025/08/12 5:10 p.m.40 views

CVE-2025-53728

CVE-2025-53728 affects Microsoft Dynamics 365 (on-premises) (version 9.1) with an information disclosure vulnerability that allows an unauthenticated network attacker to obtain sensitive data. The root cause is exposure of information to an unauthorized actor over a network. Microsoft has release...

6.5CVSS6.5AI score0.01181EPSS
CVE
CVE
added 2025/09/04 11:9 p.m.39 views

CVE-2025-55238

CVE-2025-55238 affects Microsoft Dynamics 365 FastTrack Implementation Assets. The connected sources describe an information disclosure vulnerability arising from an access control error, enabling leakage of asset information. No concrete exploit details, affected version ranges, or remediation/f...

7.5CVSS5.9AI score0.00764EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.36 views

CVE-2026-42898

Microsoft Dynamics 365 on-premises is affected by CVE-2026-42898 (code injection via improper control of generation of code), allowing an authenticated attacker to execute code over the network. The CVSS vector indicates Network, Low privileges, No user interaction, with high impact on confidenti...

9.9CVSS6AI score0.01194EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.35 views

CVE-2025-49745

CVE-2025-49745 affects Microsoft Dynamics 365 (on-premises) (version 9.1). It is a cross-site scripting vulnerability caused by improper neutralization of input during web page generation, enabling an attacker to spoof the user interface over a network. The vulnerability requires user interaction...

5.4CVSS6.9AI score0.00508EPSS
CVE
CVE
added 2026/04/23 9:35 p.m.30 views

CVE-2026-32210

Technical details are not publicly available in the provided documents for CVE-2026-32210. Monitor for updates.

9.3CVSS5.8AI score0.00584EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.27 views

CVE-2026-33103

CVE-2026-33103 affects Microsoft Dynamics 365 (On-Premises) and is an information disclosure vulnerability with a CVSS v3.1 base score of 5.5 (Medium). The issue is exploitable locally (Attack Vector: Local) with Low privileges required and no user interaction, and it does not affect integrity or...

5.5CVSS5.6AI score0.00221EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.21 views

CVE-2025-62206

CVE-2025-62206 pertains to an information disclosure in Microsoft Dynamics 365 (on-premises) . The vulnerability allows an unauthorized network attacker to disclose potentially sensitive information via exposed data, with a CVSSv3.1 base score of 6.5 (Network, Low attack complexity, No privileges...

6.5CVSS4.9AI score0.00898EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.20 views

CVE-2025-62210

CVE-2025-62210 affects Dynamics 365 Field Service (online). The issue is an improper neutralization of input during web page generation (XSS) in Dynamics 365 Field Service (online), enabling an authorized attacker to perform spoofing over the network. Affected software is Dynamics 365 Field Servi...

8.7CVSS5.3AI score0.00587EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.20 views

CVE-2025-62211

Summary (CVE-2025-62211) : A cross-site scripting vulnerability in Microsoft Dynamics 365 Field Service (online) allows an authorized attacker to spoof the user interface over a network due to improper neutralization of input during web page generation. The CVSS metrics (AV:N/AC:L/PR:L/UI:R/S:C/C...

8.7CVSS5.3AI score0.00587EPSS
Total number of security vulnerabilities99