Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability - CVE-2023-36886ID: oval:org.secpod.oval:def:93002 | Date: (C)2023-09-13 (M)2023-11-06 |
Class: VULNERABILITY | Family: windows |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker. The vulnerability is in the web server, but the malicious scripts execute in the victim's browser on their machine. Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Platform: |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 11 |
Microsoft Windows 7 |
Microsoft Windows Server |
Product: |
Microsoft Dynamics 365 |