Marios Gyftos

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** Improper neutralization of input during web page generation leads to cross-site scripting (XSS), a condition where malicious scripts are injected into trusted websites. Additionally, a server-side request forgery (SSRF) issue exists, which occurs when a server is tricked into making unintended requests to internal or external resources. These flaws allow attackers to perform spoofing over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, allowing a remote attacker to inject arbitrary code into a user-loaded web page. This could lead to unauthorized access to protected information, phishing attacks, and modification of the web page's appearance using specially crafted HTTP requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.