Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. On successful exploitation, there could be a loss of confidentiality if an unaware user clicked on a popup therefore creating an opportunity for an attacker to retrieve cookies or present the user with a dialog box to enter user credentials.