Improper neutralization of input during web page generation (‘Cross-site Scripting’) in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
CVE-2024-49038 Microsoft Copilot Studio Elevation Of Privilege Vulnerability
Published November 26, 2024
