Skip to main content

Dynamics 365 Customer Voice

1 CVEs product

Monthly

CVE-2026-47646 MEDIUM PATCH NO ACTION HOSTED Monitor

Cross-site scripting in Microsoft Dynamics 365 Customer Voice allows a remote, unauthenticated attacker to inject script that executes in a victim's browser session and perform spoofing once the victim interacts with attacker-supplied content. The flaw carries a CVSS 9.3 rating driven largely by a scope change (S:C), meaning injected script escapes into a different security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

XSS Dynamics 365 Customer Voice
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 6.1
MEDIUM PATCH NO ACTION HOSTED Monitor

Cross-site scripting in Microsoft Dynamics 365 Customer Voice allows a remote, unauthenticated attacker to inject script that executes in a victim's browser session and perform spoofing once the victim interacts with attacker-supplied content. The flaw carries a CVSS 9.3 rating driven largely by a scope change (S:C), meaning injected script escapes into a different security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

XSS Dynamics 365 Customer Voice
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy