99 matches found
CVE-2021-41353
CVE-2021-41353 affects Microsoft Dynamics 365 (on-premises). Connected sources confirm a spoofing vulnerability in the Dynamics 365 on-premises deployment, with UI/representation issues enabling spoofing. Affected versions referenced by external advisories include Dynamics 365 on‑premises (notabl...
CVE-2023-36410
CVE-2023-36410 affects Microsoft Dynamics 365 (on-premises) with a cross-site scripting (XSS) vulnerability. Public sources in the connected documents confirm the issue is an XSS vulnerability in on-prem Dynamics 365, capable of spoofing user interfaces and potentially exposing credentials. The p...
CVE-2024-38211
CVE-2024-38211 affects Microsoft Dynamics 365 (on‑premises) version 9.1. The connected sources describe a Cross‑Site Scripting (XSS) vulnerability that could lead to theft of cookies or session data and potential UI spoofing. Remediation is available via security updates for Dynamics 365 on‑premi...
CVE-2023-35335
CVE-2023-35335 affects Microsoft Dynamics 365 (on‑premises) and is a Cross‑site Scripting vulnerability (XSS). The NVD/MSR describe a network‑accessible issue with user interaction required, CVSS v3.1 base score 8.2 (High) and a changelog indicating a security fix in Microsoft Dynamics updates. C...
CVE-2020-16862
CVE-2020-16862 is a remote code execution vulnerability in Microsoft Dynamics 365 (on-premises). The issue arises when the Dynamics server fails to properly sanitize and validate web requests, allowing an authenticated attacker to exploit a crafted request and execute arbitrary code in the contex...
CVE-2020-1063
CVE-2020-1063 is an authenticated-cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The Red Hat and Microsoft advisories corroborate that an attacker with valid authentication could exploit specially crafted web requests to run script in the user’s browser, reading or al...
CVE-2023-33171
Microsoft Dynamics 365 (on-premises) contains CVE-2023-33171, a cross-site scripting vulnerability in its web interface. The NVD entry lists CVSS: base 6.1 (Network, Low attack complexity, No privileges, User interaction required, Confidentiality Low, Integrity Low, Availability None) with a prac...
CVE-2018-8605
Microsoft Dynamics 365 (on-premises), version 8.x prior to 8.2.3.0008, is affected by multiple vulnerabilities including cross-site scripting (CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608) and other issues (CVE-2018-8654, CVE-2018-8609). The Nessus entry consolidates affected versio...
CVE-2024-38182
CVE-2024-38182 is a Microsoft Dynamics 365 elevation-of-privilege vulnerability described as weak authentication that allows an unauthenticated, network-based attacker to escalate privileges. Connected sources confirm the issue affects Microsoft Dynamics 365 Field Service On-Premises version 7 (o...
CVE-2020-16860
CVE-2020-16860 affects Microsoft Dynamics 365 (on-premises). It describes a remote code execution vulnerability where the server fails to properly sanitize web requests to the Dynamics server, potentially allowing an authenticated attacker to run arbitrary code in the context of the SQL service a...
CVE-2020-16878
Summary of CVE-2020-16878 : A cross-site scripting vulnerability affects Microsoft Dynamics 365 (on-premises) where a specially crafted web request is not properly sanitized. An authenticated attacker could exploit this by sending such a request to an affected Dynamics server, enabling XSS that r...
CVE-2018-8609
CVE-2018-8609 is a remote code execution vulnerability in Microsoft Dynamics 365 (on-premises) version 8 . The server fails to properly sanitize web requests to the affected Dynamics server, allowing an authenticated attacker to execute arbitrary code in the context of the SQL service account by ...
CVE-2018-8654
CVE-2018-8654 is an elevation-of-privilege flaw in Microsoft Dynamics 365 Server (on-premises). An authenticated attacker can impersonate another Dynamics CRM user by sending a specially crafted request, abusing input validation/sanitization weaknesses. Microsoft released a fix in Update 8.2.3 (K...
CVE-2021-40457
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting vulnerability (CVE-2021-40457) affects Microsoft Dynamics 365 Customer Engagement components; multiple sources (NVD, CNNVD, PRION, KLA) confirm XSS and potential UI spoofing aspects. Affected products include Dynamics 365 Customer En...
CVE-2023-36886
CVE-2023-36886 applies to Microsoft Dynamics 365 (on-premises) and is a cross-site scripting vulnerability in the on-premises deployment. Connected sources corroborate this as the same CVE and identify affected Dynamics 365 on-premises products. Microsoft published fixes via Service Update 1.21 f...
CVE-2023-38164
CVE-2023-38164 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises) . The NVD/CNA data indicate a network-exposed issue where the attacker can compromise browser context via XSS, with user interaction required. The impact is mainly on confidentiality (HIGH in CNA metric...
CVE-2024-30061
CVE-2024-30061 — Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. The vulnerability affects the on‑premises Dynamics 365 product and is classified with a CVSSv3.1 base score of 7.3 (HIGH): Network access, low attack complexity, required user interaction, and low privileg...
CVE-2020-16858
CVE-2020-16858 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The issue arises when Dynamics Server does not properly sanitize a specially crafted web request, allowing an authenticated attacker to execute script in the user’s browser and access or modify data wi...
CVE-2020-17018
CVE-2020-17018 is a Cross-site Scripting (XSS) vulnerability affecting Microsoft Dynamics 365 (on‑premises). Connected sources indicate affected products include Microsoft Dynamics 365 (on‑premises) v9.0, Microsoft Dynamics CRM 2015 (on‑premises) v7.0, and Microsoft Dynamics 365 (on‑premises) v8....
CVE-2024-43476
CVE-2024-43476 : A cross-site scripting vulnerability exists in Microsoft Dynamics 365 (on-premises). The root cause is improper validation of user-supplied input before rendering it to users, leading to potential cookie-based credential theft and other XSS impacts. The CVSS v3.1 base score is 7....
CVE-2018-8608
CVE-2018-8608 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises) 8.x caused by improper sanitization of a specially crafted web request to an affected Dynamics server. Affected software is Microsoft Dynamics 365 (on-premises) version 8 prior to 8.2.3.0008. The vulnera...
CVE-2020-16859
Summary for CVE-2020-16859 (Microsoft Dynamics 365 on-premises): A cross‑site scripting vulnerability arises from improper sanitization of a crafted web request to Dynamics Server. An authenticated attacker could trigger XSS in the user’s browser, running scripts in the context of the logged‑in u...
CVE-2020-16861
The CVE-2020-16861 entry describes a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (on‑premises) caused by improper sanitization of a crafted web request. An authenticated attacker could exploit this to run scripts in the current user’s browser, read restricted content, imper...
CVE-2023-36429
CVE-2023-36429 affects Microsoft Dynamics 365 (On-Premises). It is an information-disclosure vulnerability in the Dynamics 365 On-Premises deployment that could allow an attacker to obtain sensitive information. According to the CVE metrics, it has CVSS v3.1 base score 6.5 (Medium) with a Network...
CVE-2020-16871
CVE-2020-16871: Microsoft Dynamics 365 (on-premises) contains a cross-site scripting vulnerability due to improper sanitization of crafted web requests. An authenticated attacker could send a specially crafted request to an affected Dynamics server and execute script in the security context of th...
CVE-2020-17005
CVE-2020-17005 is a Cross-site Scripting (XSS) vulnerability in Microsoft Dynamics 365 (on-premises). Public details describe an issue where the web page structure was not adequately protected, enabling an attacker to execute script in the context of a logged-in user. Affected products include Dy...
CVE-2023-35621
CVE-2023-35621 is a Denial-of-Service vulnerability affecting Microsoft Dynamics 365 for Finance and Operations (on‑premises). The issue is exposed over the network and can be triggered remotely to impact availability; CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base 7.5, HIGH). Connect...
CVE-2018-8606
MODE C: Affected product is Microsoft Dynamics 365 (on-premises) 8.x. The issue is a Cross-Site Scripting vulnerability caused by improper sanitization of certain web requests to the Dynamics server (CVE-2018-8606). Impact is web-based script execution in a user’s browser session when a user is e...
CVE-2019-1375
CVE-2019-1375 affects Microsoft Dynamics 365 (on-premises), specifically version 9.0. The vulnerability is a cross-site scripting (XSS) flaw caused by improper sanitization of specially crafted web requests to the Dynamics server. An authenticated attacker could execute script in the context of t...
CVE-2023-36800
CVE-2023-36800 is an XSS vulnerability affecting Microsoft Dynamics 365 (on-premises) / Dynamics 365 for Finance and Operations (on-premises) — specifically versions 9.0 and 9.1. The root cause is described as insufficient protection of the web page structure, enabling remote exploitation to spoo...
CVE-2020-16864
CVE-2020-16864 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). The root cause is insufficient sanitization of specially crafted web requests to the Dynamics server, enabling an authenticated attacker to run scripts in the browser in the context of the current user...
CVE-2020-16872
CVE-2020-16872 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). An authenticated attacker could send a specially crafted web request to an affected Dynamics server, triggering XSS and executing script in the security context of the currently authenticated user. Imp...
CVE-2026-42833
CVE-2026-42833 affects Microsoft Dynamics 365 on-premises. The description indicates an"execution with unnecessary privileges" vulnerability that enables an authorized attacker to execute remote code over the network, with impact including full code execution on the affected system. The available...
CVE-2023-36416
CVE-2023-36416 is a Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability affecting the web UI. Public sources describe an XSS flaw that could allow an attacker to steal cookie-based authentication credentials or spoof the user interface. CVSS v3.1 indicates network access with ...
CVE-2023-36020
CVE-2023-36020 is a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). Connected sources confirm an XSS flaw that can be exploited remotely to spoof the user interface, affecting Microsoft Dynamics 365 (on-premises) versions 9.0 and 9.1 (and related Platform/Finance & Ope...
CVE-2023-36433
CVE-2023-36433 affects Microsoft Dynamics 365 (on-premises) 9.0 and 9.1 with an information-disclosure vulnerability. Root cause details are not fully specified in the provided documents, but the impact is access to sensitive data. CVSSv3.1 metrics: Network attack, low complexity, user interactio...
CVE-2026-40371
Technical details (affected product/component, root cause, and fix) are not publicly available in the provided documents. Monitor for updates.
CVE-2018-8607
CVE-2018-8607 describes a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (on-premises) 8.x . The issue arises because the web server does not properly sanitize a specially crafted web request to an affected Dynamics server. Affected product/version: Microsoft Dynamics 365 (on-...
CVE-2026-47647
CVE-2026-47647 relates to Microsoft Dynamics 365 and involves an improper access control that enables an authorized attacker to perform a network-based privilege escalation. The CVSS 3.1 metrics indicate a high-severity, network-exposed issue with low attack complexity and low privileges required...
CVE-2025-49715
CVE-2025-49715 relates to an information disclosure in Microsoft Dynamics 365 FastTrack Implementation Assets. Affected product: Dynamics 365 FastTrack Implementation Assets. The description states that private personal information can be exposed to an unauthorized actor over a network, indicatin...
CVE-2025-53728
CVE-2025-53728 affects Microsoft Dynamics 365 (on-premises) (version 9.1) with an information disclosure vulnerability that allows an unauthenticated network attacker to obtain sensitive data. The root cause is exposure of information to an unauthorized actor over a network. Microsoft has release...
CVE-2025-55238
CVE-2025-55238 affects Microsoft Dynamics 365 FastTrack Implementation Assets. The connected sources describe an information disclosure vulnerability arising from an access control error, enabling leakage of asset information. No concrete exploit details, affected version ranges, or remediation/f...
CVE-2026-42898
Microsoft Dynamics 365 on-premises is affected by CVE-2026-42898 (code injection via improper control of generation of code), allowing an authenticated attacker to execute code over the network. The CVSS vector indicates Network, Low privileges, No user interaction, with high impact on confidenti...
CVE-2025-49745
CVE-2025-49745 affects Microsoft Dynamics 365 (on-premises) (version 9.1). It is a cross-site scripting vulnerability caused by improper neutralization of input during web page generation, enabling an attacker to spoof the user interface over a network. The vulnerability requires user interaction...
CVE-2026-32210
Technical details are not publicly available in the provided documents for CVE-2026-32210. Monitor for updates.
CVE-2026-33103
CVE-2026-33103 affects Microsoft Dynamics 365 (On-Premises) and is an information disclosure vulnerability with a CVSS v3.1 base score of 5.5 (Medium). The issue is exploitable locally (Attack Vector: Local) with Low privileges required and no user interaction, and it does not affect integrity or...
CVE-2025-62206
CVE-2025-62206 pertains to an information disclosure in Microsoft Dynamics 365 (on-premises) . The vulnerability allows an unauthorized network attacker to disclose potentially sensitive information via exposed data, with a CVSSv3.1 base score of 6.5 (Network, Low attack complexity, No privileges...
CVE-2025-62210
CVE-2025-62210 affects Dynamics 365 Field Service (online). The issue is an improper neutralization of input during web page generation (XSS) in Dynamics 365 Field Service (online), enabling an authorized attacker to perform spoofing over the network. Affected software is Dynamics 365 Field Servi...
CVE-2025-62211
Summary (CVE-2025-62211) : A cross-site scripting vulnerability in Microsoft Dynamics 365 Field Service (online) allows an authorized attacker to spoof the user interface over a network due to improper neutralization of input during web page generation. The CVSS metrics (AV:N/AC:L/PR:L/UI:R/S:C/C...