Ashar Javed

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (on-premises) (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, which can lead to cross-site scripting attacks. An attacker, acting remotely, can exploit this issue to perform such attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (on-premises) (affected versions not specified) **Description** The issue is related to a lack of protection of the web page structure in Microsoft Dynamics 365, which can lead to cross-site scripting attacks. An attacker can exploit this by using a specially crafted malicious link to perform remote cross-site scripting attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (on-premises) (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to conduct spoofing attacks using a specially crafted request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (affected versions not specified) Description: The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An authenticated attacker could exploit this by sending a specially crafted request to an affected Dynamics server, potentially leading to the execution of scripts in the context of the current authenticated user. This could enable the attacker to read unauthorized content, use the victim's identity to take actions within the Dynamics server, and inject malicious content into the user's browser. Recommendations: For Microsoft Dynamics 365, apply the security update that addresses the vulnerability by ensuring Dynamics Server properly sanitizes web requests. As a temporary workaround, consider restricting access to sensitive areas of the Dynamics server to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified) Description: A remote code execution issue exists due to the server's failure to properly sanitize web requests. An authenticated attacker could exploit this by sending a specially crafted request, potentially allowing them to run arbitrary code in the context of the SQL service account. The issue is related to insufficient input validation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (on-premises) (affected versions not specified) **Description** A cross-site scripting issue exists due to improper sanitization of specially crafted web requests to an affected Dynamics server. An authenticated attacker could exploit this by sending a specially crafted request, allowing them to perform cross-site scripting attacks. These attacks could enable the attacker to read unauthorized content, use the victim's identity to take actions within Dynamics Server, such as changing permissions and deleting content, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (on-premises) (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, which can lead to cross-site scripting attacks. An attacker can exploit this by sending a specially crafted web request to the affected Dynamics server, potentially allowing them to perform actions such as injecting malicious scripts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified) **Description** The issue is related to insufficient access controls in Microsoft SharePoint, allowing a remote attacker to elevate their privileges. An authenticated attacker can send a specially crafted request to an affected server, enabling the impersonation of another SharePoint user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** A cross-site scripting issue exists due to the improper sanitization of specially crafted web requests. This could allow an authenticated attacker to send a crafted request, enabling cross-site scripting attacks on affected systems. The attacker could then run scripts in the context of the current user, potentially reading unauthorized content, using the victim's identity to change permissions or delete content, and injecting malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** A cross-site scripting issue exists due to the improper sanitization of specially crafted web requests. This could allow an authenticated attacker to perform cross-site scripting attacks, potentially enabling them to read unauthorized content, use the victim's identity to change permissions or delete content, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** A cross-site-scripting (XSS) issue exists due to the improper sanitization of specially crafted web requests. This could allow an authenticated attacker to send a crafted request, enabling them to perform cross-site scripting attacks, read unauthorized content, use the victim's identity to change permissions and delete content, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Foundation and Microsoft SharePoint Enterprise Server (affected versions not specified) **Description** The issue exists due to insufficient input validation, allowing a remote attacker to perform cross-site scripting attacks by sending a specially crafted web request to an affected server. This could enable the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, such as changing permissions and deleting content, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue is related to the lack of input sanitization in Microsoft SharePoint Server, which can be exploited by a remote attacker to perform cross-site scripting attacks. This could allow the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, change permissions, delete content, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** The issue arises from Microsoft SharePoint Server's failure to properly sanitize specially crafted web requests, allowing for elevation of privilege. An authenticated attacker can exploit this by sending a specially crafted request to an affected server, potentially leading to cross-site scripting attacks. This could enable the attacker to read unauthorized content, use the victim's identity to alter permissions and delete content on the SharePoint site, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Description: The issue arises from the improper sanitization of specially crafted web requests to an affected SharePoint server. This could allow a remote attacker to perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacker could then read unauthorized content, use the victim's identity to take actions on the SharePoint site, such as changing permissions and deleting content, and inject malicious content into the user's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This can be exploited by sending a specially crafted request to the vulnerable server, allowing an attacker to perform cross-site scripting attacks. Successful exploitation could enable the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Description: The issue exists due to inadequate protection of the web page structure. An attacker could exploit this by sending a specially crafted request to the vulnerable server, potentially allowing cross-site scripting attacks. This could enable the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** A cross-site-scripting (XSS) issue exists due to improper sanitization of specially crafted web requests to an affected SharePoint server. This could allow a remote attacker to perform cross-site scripting attacks with elevated privileges. The attacks may enable the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, such as changing permissions and deleting content, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Server (affected versions not specified) **Description** An elevation of privilege issue exists due to improper sanitization of specially crafted web requests. This could allow an attacker to perform cross-site scripting attacks, read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint Enterprise Server (affected versions not specified) **Description** The issue is related to insufficient access control in Microsoft SharePoint Server, allowing a remote attacker to elevate their privileges using a specially crafted request. This could enable the attacker to perform cross-site scripting attacks, read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.