CVE-2020-16859

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (affected versions not specified)

Description: The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An authenticated attacker could exploit this by sending a specially crafted request to an affected Dynamics server, potentially leading to the execution of scripts in the context of the current authenticated user. This could enable the attacker to read unauthorized content, use the victim's identity to take actions within the Dynamics server, and inject malicious content into the user's browser.

Recommendations: For Microsoft Dynamics 365, apply the security update that addresses the vulnerability by ensuring Dynamics Server properly sanitizes web requests. As a temporary workaround, consider restricting access to sensitive areas of the Dynamics server to minimize the risk of exploitation.