Vulnerabilities > CVE-2024-49038 - Unspecified vulnerability in Microsoft Copilot Studio

CVSS 9.6 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

microsoft

critical

NVD

Published: 2024-11-26

Updated: 2025-01-09

Summary

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Copilot Studio -	1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49038