An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.Referenceshttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38166