Описание
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Dynamics 365 (on-premises) version 9.1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.2 High
CVSS3
Связанные уязвимости
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Уязвимость программного средства для планирования ресурсов Microsoft Dynamics 365, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS
8.2 High
CVSS3