COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-47646

CVE-2026-47646

Severity
critical
Source
NVD · cve
Published
2026-07-09
CVSS
9.3
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-47646
shame 45/100 unpatchedexploited-in-wild

Microsoft Dynamics 365 Customer Voice allows cross-site scripting (XSS) via improper input neutralization, enabling spoofing attacks.

This critical vulnerability in Microsoft Dynamics 365 Customer Voice allows attackers to perform spoofing over a network through improper input neutralization. DIB organizations using Microsoft Dynamics 365 Customer Voice are exposed to credential theft and session hijacking, requiring immediate patching and network segmentation to mitigate risk.

Shame score — A critical XSS vulnerability in a widely used Microsoft product that enables spoofing but does not directly enable remote code execution.

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.