12 matches found
CVE-2020-17152
CVE-2020-17152 affects Microsoft Dynamics 365 for Finance and Operations (on-premises). The connected sources describe a remote code execution vulnerability arising from incorrect code generation management, enabling an attacker to execute arbitrary code on the affected system. The CVSSv3 base sc...
CVE-2020-17158
CVE-2020-17158 affects Microsoft Dynamics 365 for Finance and Operations (on‑premises). It is a remote‑code‑execution vulnerability reported by Microsoft; exploitation is described as post‑authentication/privilege‑required. Microsoft has issued updates via the MSRC advisory CVE-2020-17158 to fix ...
CVE-2023-21778
CVE-2023-21778 corresponds to a Microsoft Dynamics Unified Service Desk remote code execution vulnerability. The connected PT-2023-1796 describes the issue as related to incorrect code generation management in Microsoft Dynamics 365 Unified Service Desk, enabling a remote attacker to execute arbi...
CVE-2023-21807
CVE-2023-21807 relates to a cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises). Public documentation confirms affected products as Microsoft Dynamics 365 (on-premises) versions around 9.0/9.1 with a CVSS v3.1 base score of 6.5 (Network, High attack complexity, User interac...
CVE-2023-24896
CVE-2023-24896 affects Microsoft Dynamics 365 Finance, described as a spoofing vulnerability that could allow an attacker to impersonate another user. Public sources consistently label Dynamics 365 Finance as the affected product and summarize the impact as UI spoofing/impersonation. The initial ...
CVE-2023-21573
CVE-2023-21573 in Microsoft Dynamics 365 (on-premises) is a documented Cross-site Scripting (XSS) vulnerability. The NVD entry lists a CVSS v3.1 base score of 5.4 (Medium) with network attack vector, low complexity, low privileges required, and user interaction needed. The impact is limited to co...
CVE-2023-21571
CVE-2023-21571 is a Microsoft Dynamics 365 (on-premises) Cross-site Scripting vulnerability affecting Dynamics 365 on-premises versions 9.0 and 9.1. The issue is confirmed in multiple sources and has a CVSS v3.1 base score of 5.4 (Medium) with network access required and user interaction. Remedia...
CVE-2023-21572
CVE-2023-21572 affects Microsoft Dynamics 365 (on-premises) with a cross-site scripting vulnerability. The NVD entry documents a CVSS v3.1 base score of 6.5 (Network, Low attack complexity, User interaction required) and notes the vulnerability as a Microsoft Dynamics 365 (on‑premises) XSS issue....
CVE-2024-43476
CVE-2024-43476 : A cross-site scripting vulnerability exists in Microsoft Dynamics 365 (on-premises). The root cause is improper validation of user-supplied input before rendering it to users, leading to potential cookie-based credential theft and other XSS impacts. The CVSS v3.1 base score is 7....
CVE-2023-36800
CVE-2023-36800 is an XSS vulnerability affecting Microsoft Dynamics 365 (on-premises) / Dynamics 365 for Finance and Operations (on-premises) — specifically versions 9.0 and 9.1. The root cause is described as insufficient protection of the web page structure, enabling remote exploitation to spoo...
CVE-2025-62211
Summary (CVE-2025-62211) : A cross-site scripting vulnerability in Microsoft Dynamics 365 Field Service (online) allows an authorized attacker to spoof the user interface over a network due to improper neutralization of input during web page generation. The CVSS metrics (AV:N/AC:L/PR:L/UI:R/S:C/C...
CVE-2025-62210
CVE-2025-62210 affects Dynamics 365 Field Service (online). The issue is an improper neutralization of input during web page generation (XSS) in Dynamics 365 Field Service (online), enabling an authorized attacker to perform spoofing over the network. Affected software is Dynamics 365 Field Servi...