Unrated severityNVD Advisory· Published Aug 6, 2024· Updated Jul 10, 2025
Microsoft Dynamics 365 Cross-site Scripting Vulnerability
CVE-2024-38166
Description
An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.
Affected products
2- Microsoft/Dynamics CRM Service Portal Web Resourcev5Range: N/A
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38166mitrevendor-advisory
News mentions
0No linked articles in our index yet.