CVE-2023-36007 HIGH

CVE-2023-36007: Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

Vendor Microsoft
Product Send Customer Voice survey from Dynamics 365 app
Weakness CWE-79 · XSS
Published November 14, 2023
Last update October 8, 2025
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

Key dates

02Disclosure timeline

November 14, 2023 CVE published
October 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-31760 WordPress SnapWidget Social Photo Feed Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability CVE-2022-2089 Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting CVE-2025-61676 October CMS Vulnerable to Stored XSS via Branding Styles CVE-2025-9590 Weaver E-Mobile Mobile Management Platform cross site scripting CVE-2026-27072 WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability