Headline
CVE-2024-21327: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.