PT-2024-5725 · Microsoft · Dynamics CRM +1

Published: 2024-08-06 · Updated: 2024-09-05 · CVE-2024-38166

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Dynamics CRM (affected versions not specified)
Microsoft Dynamics 365 (affected versions not specified)

Description

The issue is caused by inadequate protection of the web page structure in Microsoft Dynamics CRM: input is improperly neutralized during web page generation (cross-site scripting). An unauthenticated attacker can exploit this to conduct spoofing attacks over a network by tricking a user into clicking on a link. Exploitation may lead to malicious code execution.

Recommendations

For Microsoft Dynamics CRM, no information is currently available about a newer version that contains a fix for this vulnerability. For Microsoft Dynamics 365, patch immediately to resolve the issue and monitor for signs of compromise.

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-06438
CVE-2024-38166

Affected Products

Dynamics 365
Dynamics CRM