Microsoft · Teams · CVE-2020-10146
**Name of the Vulnerable Software and Affected Versions**
Microsoft Teams (affected versions not specified)
**Description**
The Microsoft Teams online service contains a stored cross-site scripting issue in the `displayName` parameter. This can be exploited on Teams clients to obtain sensitive information, such as authentication tokens, and possibly execute arbitrary commands.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.