CVE-2024-49038
CVSS 9.3 · CRITICAL
Summary
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 9.3 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | NONE |
Weakness type (CWE)
Affected products
Microsoft Copilot Studio
References
Data: NIST NVD. NVD last modified 2025-01-09. Always verify against the vendor advisory before acting.