This post has been republished via RSS; it originally appeared at: MSRC Security Update Guide.
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.