VDB

GCVE-VVD-NCSC-2024-338

GCVE-VVD-NCSC-2024-338
Advisory PublishedCVSS 8.2/10
Vulnetix · Advisory published August 13, 2024
Microsoft heeft kwetsbaarheden verholpen in Dynamics.
Download JSON Open in Console

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-601URL Redirection to Untrusted Site ('Open Redirect')

Risk Scores

CVSS 3.1
8.2/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
microsoftdynamics_crm_service_portal_web_resource
microsoftdynamics_365
microsoftmicrosoft_dynamics_365__on-premises__version_9.1

Aliases

CVE-2024-38166CVE-2024-38211

Transitive aliases

MSRC_CVE-2024-38166VVD-CISA-2024-38211BDU:2024-06438WID-SEC-W-2024-1778GHSA-9x8m-8qxp-gj73EUVD-2024-37178BDU:2024-07801CNVD-2024-40537WID-SEC-W-2024-1824VVD-CISA-2024-38166MSRC_CVE-2024-38211GHSA-v68h-j2w8-x6w3CNVD-2024-40538EUVD-2024-37139

References

advisory
advisory
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›