Dynamics CRM 2013 SP1 security vulnerability sparks 'all hands on deck' response from Microsoft
A "DOM-based self-XSS vulnerability" for Microsoft Dynamics CRM 2013 SP1 was recently discovered by IT security firm High-Tech Bridge. If exploited, it could be used for cross-site scripting (XSS) attacks against authenticated Dynamics CRM users.
Microsoft responded to the security firm's report by stating that it "does not consider self-XSS issues to be security vulnerabilities," based on standard policies. But a source tells MSDynamicsWorld.com that behind the scenes Microsoft has treated this discovery as an "all hands on deck" issue. They are actively working on a fix for the vulnerability that will be added to an upcoming release or update.
UPDATE: Microsoft has provided the following statement on the matter: