Dynamics 365 Sales Spoofing Vulnerability. The vulnerability is in the web server, but the malicious scripts execute in the victim's browser on their machine. The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.