Microsoft: >> Teams >> 1.0.0.2023070204 Security Vulnerabilities
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.011
Published
2026-06-09
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVSS Score
5.5
EPSS Score
0.005
Published
2026-05-12
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
7.1
EPSS Score
0.004
Published
2026-03-16
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.008
Published
2025-08-12
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
CVSS Score
3.1
EPSS Score
0.004
Published
2025-07-08
Microsoft Teams for Android Information Disclosure Vulnerability
CVSS Score
5.0
EPSS Score
0.012
Published
2024-03-12
Microsoft Teams for Android Information Disclosure Vulnerability
CVSS Score
5.0
EPSS Score
0.01
Published
2024-02-13
Microsoft Teams Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.015
Published
2023-07-11
Microsoft Teams Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.028
Published
2022-02-09
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.
CVSS Score
5.7
EPSS Score
0.019
Published
2020-12-09
Page 1