all InfoSec news
Cross-Site Scripting in Microsoft Teams via Dynamics and Microsoft Stream Domains
Tenable Research Advisories www.tenable.com
A researcher at Tenable discovered a number of issues which could result in cross-site scripting (XSS) vulnerabilities being triggered in the context of a Microsoft Teams web and desktop clients, which could lead to the theft of authentication tokens for Microsoft Teams and other Microsoft services.
Background
As noted in https://www.tenable.com/security/research/tra-2023-6, an XSS in a valid domain for a fully trusted app in Microsoft Teams can lead to …
authentication clients context cross-site desktop domains microsoft microsoft teams researcher result scripting stream teams tenable theft vulnerabilities web xss