CVE-2024-21360

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 13, 2024

Updated: May 29, 2024

CWE ID 122

Summary

CVE-2024-21327 is a newly disclosed cross-site scripting (XSS) vulnerability affecting Microsoft Dynamics 365 Customer Engagement. Malicious actors can exploit this flaw by injecting malicious code into a vulnerable page, potentially gaining unauthorized access to user sessions or stealing sensitive data. This issue poses a serious risk to organizations that use the affected software, especially those with publicly accessible instances. Microsoft has released a patch to address this vulnerability, and it is strongly recommended that users apply the update as soon as possible to mitigate potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ugdBq2
https://www.cve.org/CVERecord?id=CVE-2024-21360
https://nvd.nist.gov/vuln/detail/CVE-2024-21360

Back to Vulnerability Database

CVE-2024-21360

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations