CVE-2024-21327 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
CVE-2024-21327	Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability	Microsoft Dynamics 365 Customer Engagement	Important	19-02-2024

Technical Information

By persueing any authenticated user to open a malicious page, an attacker can exploit this vulnerability existing inside web server from running the malicious script on victim’s browser.

Patch release date: Feb 13, 2024
Further information on this vulnerability is available at CVE-2024-21327

Affected Software

Microsoft Dynamics 365 Customer Engagement V9.