Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.

CVE-2025-53728: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-49745: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?**

The user would have to navigate to a page with malicious content to be compromised by the attacker.

Tag

#Microsoft Dynamics 365 (on-premises)