Dynamics CRM 2013 SP1 security vulnerability sparks 'all hands on deck' response from Microsoft

January 8 2015

A "DOM-based self-XSS vulnerability" for Microsoft Dynamics CRM 2013 SP1 was recently discovered by IT security firm High-Tech Bridge. If exploited, it could be used for cross-site scripting (XSS) attacks against authenticated Dynamics CRM users.

About Jason Gumpert

As the editor of MSDynamicsWorld.com, Jason oversees all editorial content on the site and at our events, as well as providing site management and strategy. He can be reached at jgumpert@msdynamicsworld.com.

Prior to co-founding MSDynamicsWorld.com, Jason was a Principal Software Consultant at Parametric Technology Corporation (PTC), where he implemented solutions, trained customers, managed software development, and spent some time in the pre-sales engineering organization. He has also held consulting positions at CSC Consulting and Monitor Group.

More about Jason Gumpert

Comments

Andrey25's picture

According to High-Tech Bridge. Vulnerable Versions:(6.1.1.132) (DB 6.1.1.132) which is CRM 2013 SP1 Update Rollup 1.

jgumpert's picture

Thanks, we'll update that point.