CVE-2024-21328

7.6 HIGH

📋 TL;DR

CVE-2024-21328 is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Sales that allows attackers to inject malicious scripts into web pages viewed by other users. This affects organizations using Dynamics 365 Sales, potentially compromising user sessions and data. The vulnerability requires user interaction to be exploited.

💻 Affected Systems

Products:
  • Microsoft Dynamics 365 Sales
Versions: All versions prior to the security update
Operating Systems: Windows Server, Linux (for cloud deployments)
Default Config Vulnerable: ⚠️ Yes
Notes: Cloud deployments of Dynamics 365 Sales are automatically updated by Microsoft; on-premises deployments require manual patching.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or compromise sensitive business data.

🟠 Likely Case

Session hijacking, credential theft, or unauthorized access to Dynamics 365 Sales data through crafted malicious links.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (clicking a malicious link) and basic knowledge of XSS payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security update released in January 2024

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21328

Restart Required: No

Instructions:

1. For cloud deployments: Microsoft automatically applies updates.
2. For on-premises deployments: Download and apply the latest Dynamics 365 Sales security update from the Microsoft Update Catalog.
3. Verify the update is applied through the Dynamics 365 admin center.

🔧 Temporary Workarounds

Implement Content Security Policy (CSP)

Applies to: all

Restricts the sources from which scripts may be loaded, so an injected XSS payload is blocked from executing.

Add CSP header: Content-Security-Policy: default-src 'self'; script-src 'self'

Input Validation and Output Encoding

Applies to: all

Validate user-supplied input and encode output for the context in which it is rendered (HTML, attribute, JavaScript) to prevent script injection.

🧯 If You Can't Patch

  • Restrict user permissions to minimize impact if exploited.
  • Monitor for unusual user activity or unexpected script executions in Dynamics 365 logs.

🔍 How to Verify

Check if Vulnerable:

Check Dynamics 365 Sales version against the patched version in the Microsoft advisory.

Check Version:

In Dynamics 365 admin center: Settings > System > About

Verify Fix Applied:

Verify the security update is listed as installed in the Dynamics 365 admin center or Windows Update history.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user activity patterns
  • Requests with suspicious script tags or JavaScript in URLs

Network Indicators:

  • Outbound connections to unknown domains following Dynamics 365 access

SIEM Query:

source="dynamics365" AND (url="*<script>*" OR url="*javascript:*")
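The SIEM query above matches only the literal strings <script> and javascript:, so a percent-encoded or upper-cased payload slips past it. The following is an added example (not part of this advisory or of any Microsoft tooling) that applies the same two markers after bounded URL-decoding and case-folding; the key=value log format and every log line are constructed for illustration.

```python
import re
import urllib.parse
from typing import Dict, List

# Constructed sample log lines in a simple key=value format (not real Dynamics 365 logs).
SAMPLE_LOGS = [
    'source="dynamics365" user=alice url="/main.aspx?appid=123&pagetype=entityrecord"',
    'source="dynamics365" user=bob url="/main.aspx?extraqs=%3Cscript%3Ealert(1)%3C%2Fscript%3E"',
    'source="dynamics365" user=carol url="/main.aspx?ret=javascript:alert(1)"',
    'source="dynamics365" user=dave url="/main.aspx?q=%253Cscript%253E"',  # double-encoded
    'source="sharepoint" user=erin url="/sites/x?q=<script>"',            # different source
    'source="dynamics365" user=frank url="/main.aspx?q=<SCRIPT>"',        # upper-case tag
]

LOG_RE = re.compile(r'source="(?P<source>[^"]*)".*?url="(?P<url>[^"]*)"')
# "<script" (no closing bracket) also catches "<script src=...>" variants.
SUSPICIOUS = ("<script", "javascript:")


def normalise_url(url: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) and lower-case the result, so encoded
    and double-encoded payloads compare equal to their literal form."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(url)
        if decoded == url:
            break
        url = decoded
    return url.lower()


def is_suspicious(url: str) -> bool:
    """Equivalent of url="*<script>*" OR url="*javascript:*", after normalisation."""
    normalised = normalise_url(url)
    return any(marker in normalised for marker in SUSPICIOUS)


def flag_requests(lines: List[str], source: str = "dynamics365") -> List[Dict[str, str]]:
    """Return the entries from `source` whose URL carries an XSS marker."""
    hits = []
    for line in lines:
        match = LOG_RE.search(line)
        if not match or match.group("source") != source:
            continue
        if is_suspicious(match.group("url")):
            hits.append({"source": match.group("source"), "url": match.group("url")})
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOGS):
        print("ALERT", hit["url"])
```

Against the constructed lines this flags the encoded, double-encoded, upper-cased and javascript: URLs while ignoring the clean request and the entry from another source.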
