CVE-2024-21395
CVSS 3.1 Score 8.2 of 10 (high)
Details
Summary
CVE-2024-21395 is a newly disclosed cross-site scripting (XSS) vulnerability affecting Microsoft Dynamics 365 installations that are run on-premises. Maliciously crafted web scripts can be injected into affected Dynamics 365 pages, allowing attackers to execute unauthorized code in users' browsers. This could lead to information disclosure, session hijacking, or other unintended actions. Microsoft has released a security update to address this issue, and it is strongly recommended that organizations using on-premises Dynamics 365 installations apply the patch as soon as possible to mitigate the risk of exploitation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Dynamics 365
Affected Vendors
- Microsoft