Description
Dynamics 365 Field Service (online) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
FAQ
What actions do customers need to take to protect themselves from this vulnerability?
Customers running Dynamics 365 Field Service (online) need to go to the Power Platform admin center and apply the updates. See Update apps and solutions for more information about updating your Field Service app.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?
An authorized attacker must send the user a malicious link and convince the user to open it.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 8.7 High
Related vulnerabilities
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Vulnerability in Dynamics 365 Field Service software caused by failure to preserve web page structure, allowing an attacker to conduct spoofing attacks