Exposures › CVE-2026-47646
Microsoft Dynamics 365 Customer Voice allows cross-site scripting (XSS) via improper input neutralization, enabling spoofing attacks.
This critical vulnerability in Microsoft Dynamics 365 Customer Voice allows attackers to perform spoofing over a network through improper input neutralization. DIB organizations using Microsoft Dynamics 365 Customer Voice are exposed to credential theft and session hijacking, requiring immediate patching and network segmentation to mitigate risk.
Shame score — A critical XSS vulnerability in a widely used Microsoft product that enables spoofing but does not directly enable remote code execution.
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
No correlated FedRAMP products.