Vulnerabilities > Microsoft > Copilot Studio

DATE CVE VULNERABILITY TITLE RISK
2024-11-26 CVE-2024-49038 Unspecified vulnerability in Microsoft Copilot Studio
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
network
low complexity
microsoft
critical
 9.6
9.6
2024-10-09 CVE-2024-43610 Unspecified vulnerability in Microsoft Copilot Studio
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
network
low complexity
microsoft
7.5
7.5
2024-08-06 CVE-2024-38206 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Copilot Studio
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
network
low complexity
microsoft CWE-918
6.5
6.5