CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-49745

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.8%

CVSS Severity

CVSS v3 Score 5.4

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49745

Products affected by CVE-2025-49745

Microsoft » Dynamics 365 » Version: 9.1

cpe:2.3:a:microsoft:dynamics_365:9.1
Microsoft » Dynamics 365 » Version: 9.1.16.20

cpe:2.3:a:microsoft:dynamics_365:9.1.16.20
Microsoft » Dynamics 365 » Version: 9.1.17.29

cpe:2.3:a:microsoft:dynamics_365:9.1.17.29
Microsoft » Dynamics 365 » Version: 9.1.18.22

cpe:2.3:a:microsoft:dynamics_365:9.1.18.22
Microsoft » Dynamics 365 » Version: 9.1.21.05

cpe:2.3:a:microsoft:dynamics_365:9.1.21.05
Microsoft » Dynamics 365 » Version: 9.1.22.04

cpe:2.3:a:microsoft:dynamics_365:9.1.22.04
Microsoft » Dynamics 365 » Version: 9.1.23.10

cpe:2.3:a:microsoft:dynamics_365:9.1.23.10
Microsoft » Dynamics 365 » Version: 9.1.26

cpe:2.3:a:microsoft:dynamics_365:9.1.26
Microsoft » Dynamics 365 » Version: 9.1.32

cpe:2.3:a:microsoft:dynamics_365:9.1.32

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-49745

Products

Pricing

Contact Us