CVE-2024-38166

An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:dynamics_crm_service_portal_web_resource:-:*:*:*:*:*:*:*

History

12 Aug 2024, 18:33

Type Values Removed Values Added
CPE cpe:2.3:a:microsoft:dynamics_crm_service_portal_web_resource:-:*:*:*:*:*:*:*
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38166 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38166 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : 8.2
v2 : unknown
v3 : 6.1
First Time Microsoft dynamics Crm Service Portal Web Resource
Microsoft

07 Aug 2024, 15:17

Type Values Removed Values Added
Summary
  • (es) Un atacante no autenticado puede aprovechar la neutralización inadecuada de la entrada durante la generación de una página web en Microsoft Dynamics 365 para falsificar una red engañando a un usuario para que haga clic en un enlace.

06 Aug 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 22:15

Updated : 2024-08-14 00:15


NVD link : CVE-2024-38166

Mitre link : CVE-2024-38166

CVE.ORG link : CVE-2024-38166


JSON object : View

Products Affected

microsoft

  • dynamics_crm_service_portal_web_resource
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')