Microsoft: >> Copilot Studio Security Vulnerabilities
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
CVSS Score
9.3
EPSS Score
0.003
Published
2024-11-26
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
CVSS Score
7.4
EPSS Score
0.022
Published
2024-10-09
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
CVSS Score
8.5
EPSS Score
0.024
Published
2024-08-06