CVE-2024-38166 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
CVE-2024-38166	Microsoft Dynamics 365 Cross-site Scripting Vulnerability	Microsoft Dynamics 365	Critical	10-09-2024

Technical Information

Due to improper neutralization of input while generating web pages in Microsoft Dynamics 365, an unauthenticated attacker be able perform XSS attack and spoof over a network by tricking a user to click on a link.

Patch release date: Aug 13, 2024
Further information on this vulnerability is available at : CVE-2024-38166

Affected Software

Dynamics CRM Service Portal Web Resource