Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability - CVE-2023-21570ID: oval:org.secpod.oval:def:87637 | Date: (C)2023-02-16 (M)2024-05-31 |
Class: VULNERABILITY | Family: windows |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL. The user would need to click on a specially crafted URL that could present a popup box requesting additional user input. Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker. The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.
Platform: |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 11 |
Microsoft Windows 7 |
Microsoft Windows Server |
Product: |
Microsoft Dynamics 365 |