CVE-2020-16871

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified)

Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This could allow a remote attacker to perform cross-site scripting attacks using a specially crafted request. An authenticated attacker could exploit this by sending a specially crafted request to the affected Dynamics server, potentially allowing them to read unauthorized content, use the victim's identity to take actions within the Dynamics Server, change permissions, delete content, and inject malicious content into the user's browser.

Recommendations: For Microsoft Dynamics 365 (on-premises), apply the security update that addresses the vulnerability by ensuring Dynamics Server properly sanitizes web requests. As a temporary workaround, consider restricting access to sensitive areas of the Dynamics Server to minimize the risk of exploitation.