The vulnerability is an improper neutralization of input during web page generation, identified as a cross‑site scripting (CWE‑79) flaw in Microsoft Account services. Injected scripts execute in the context of the authenticated user, enabling an attacker to generate a spoofed account page that appears legitimate. The attacker can then use the impersonated interface to trick users into revealing credentials, session tokens, or other sensitive information, effectively facilitating phishing or credential theft.

Microsoft Account services are affected. The CVE entry does not specify particular build or release numbers; all publicly available Microsoft Account deployments should be treated as potentially vulnerable until an official security update is applied.

The vulnerability carries a high CVSS score of 9.3, yet an EPSS of less than 1 % indicates a very low but non‑zero exploitation likelihood. It is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires the delivery of malicious JavaScript to a user’s browser, typically via a malicious webpage or a compromised Microsoft Account session that embeds user input into the portal. Once the script runs, the attacker can manipulate the page to impersonate Microsoft services and harvest sensitive data. The combination of high severity and low exploitation probability suggests that vendors and administrators should prioritize applying the patch, as the potential impact is substantial.