Cross-Site Scripting in Microsoft Teams via Dynamics and Microsoft Stream Domains | allinfosecnews.com

July 17, 2023, 4:51 p.m. | Evan Grant

Tenable Research Advisories www.tenable.com

Cross-Site Scripting in Microsoft Teams via Dynamics and Microsoft Stream Domains

A researcher at Tenable discovered a number of issues which could result in cross-site scripting (XSS) vulnerabilities being triggered in the context of a Microsoft Teams web and desktop clients, which could lead to the theft of authentication tokens for Microsoft Teams and other Microsoft services.

Background

As noted in https://www.tenable.com/security/research/tra-2023-6, an XSS in a valid domain for a fully trusted app in Microsoft Teams can lead to …

authentication clients context cross-site desktop domains microsoft microsoft teams researcher result scripting stream teams tenable theft vulnerabilities web xss

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 6 days ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 1 week, 6 days ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 2 weeks, 1 day ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 3 weeks, 6 days ago | www.tenable.com

application attachment cookie date +14

LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com

assistant led vulnerabilities

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com

arcserve data data protection protection +1

Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com

analytics azure azure synapse caching +8

Showdownjs Denial of Service 2 months ago | www.tenable.com

can command concept conditions +17

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com

accesstoken admin adobe authentication +9

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Data Privacy Manager m/f/d)

@ Coloplast | Hamburg, HH, DE

View on infosec-jobs.com

Cybersecurity Sr. Manager

@ Eastman | Kingsport, TN, US, 37660

View on infosec-jobs.com

KDN IAM Associate Consultant

@ KPMG India | Hyderabad, Telangana, India

View on infosec-jobs.com

Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)

@ Bosch Group | Stuttgart, Germany

View on infosec-jobs.com

Senior Security Engineer - SIEM

@ Samsara | Remote - US

View on infosec-jobs.com