CVE-2024-21395

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Feb 13, 2024
Updated: May 29, 2024
CWE ID 79

Summary

CVE-2024-21395 is a newly disclosed cross-site scripting (XSS) vulnerability affecting Microsoft Dynamics 365 installations that are run on-premises. Maliciously crafted web scripts can be injected into affected Dynamics 365 pages, allowing attackers to execute unauthorized code in users' browsers. This could lead to information disclosure, session hijacking, or other unintended actions. Microsoft has released a security update to address this issue, and it is strongly recommended that organizations using on-premises Dynamics 365 installations apply the patch as soon as possible to mitigate the risk of exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share