CVE-2022-21932: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
Overview
- Severity
- High (CVSS 7.6)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
- Category
- Spoofing
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2022-Jan
- Released
- 2022-01-11
- Last Updated
- 2022-01-11
- EPSS Score
- 0.43% (percentile: 62.3%)
Affected Products (1)
Microsoft Dynamics
- Microsoft Dynamics 365 Customer Engagement V9.0
Security Updates (1)
Acknowledgments
<a href="http://vnprogramming.com"> Pham Van Khanh </a> @rskvp93 from Viettel Cyber Security
Revision History
- 2022-01-11: Information published.
- 2022-01-11: The following revisions have been made: 1) In the Security Updates table, removed Microsoft Dynamics 365 Customer Engagement V9.1 as it is not affected by this vulnerability. 2) Added the update information for Microsoft Dynamics 365 Customer Engagement V9.0.