CVE-2023-24920 MEDIUM

CVE-2023-24920: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Vendor Microsoft
Product Microsoft Dynamics 365 (on-premises) version 9.1
Weakness CWE-352 · CSRF
Published March 14, 2023
Last update February 28, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Key dates

02Disclosure timeline

March 14, 2023 CVE published
February 28, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-33926 WordPress Easy Google Maps Plugin <= 1.11.7 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-30601 WordPress Flipdish Ordering System plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability CVE-2024-31354 WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-43748 CVE-2020-37046 Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery