CVE-2026-32208: Microsoft Edge XSS Spoofing Flaw

🟠 High | Source: Microsoft Security Response Center

CVE-2026-32208 is a cross-site scripting (XSS) vulnerability in Microsoft Edge (Chromium-based) that allows an authenticated attacker to perform spoofing attacks over a network. The flaw stems from improper handling of user input during web page generation, meaning malicious content could be injected and rendered in a victim’s browser session. This is particularly relevant in enterprise environments where Edge is widely deployed for accessing cloud portals and internal web applications. ...

18 June 2025 · ZX Cloud Security

CVE-2026-47646: Dynamics 365 Customer Voice XSS Flaw

🟠 High | Source: Microsoft Security Response Center

CVE-2026-47646 is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Voice that allows an unauthenticated attacker to perform spoofing attacks over a network. The flaw stems from improper handling of user-supplied input during web page generation, meaning malicious content could be injected and rendered in a victim’s browser. Because no authentication is required to exploit this, the potential reach is broad for any organisation using Customer Voice externally. ...

18 June 2025 · ZX Cloud Security

CVE-2026-47636: SharePoint Server Spoofing Flaw

🟠 High | Source: Microsoft Security Response Center

CVE-2026-47636 is a spoofing vulnerability affecting Microsoft SharePoint Server, which could allow an attacker to impersonate another user or system within the platform. Spoofing vulnerabilities can undermine trust and authentication controls, potentially enabling further attacks such as phishing, data exfiltration, or lateral movement. This update is an acknowledgement change only and carries no new technical detail or patch.

Security Architect’s Take: Verify that the latest SharePoint Server cumulative updates are applied across your estate, and review audit logs for any anomalous authentication or identity-related activity. No immediate action is required in response to this specific advisory update, but treat the underlying CVE as a prompt to confirm patch compliance. ...

17 June 2025 · ZX Cloud Security
