Ashish Dhone ./blog

Jul 4, 2026 · 16 min read · 0 views

I Found a Stored XSS in Microsoft Dynamics 365 for $3,000

By Ashish Dhone (@ashketchum) · Bug Bounty Writeup · Microsoft Dynamics 365 and Power Platform Bounty Program

Ashish Dhone

Ashish Dhone

Offensive Security Researcher

How a single unsanitized email field let me execute arbitrary JavaScript in the context of Microsoft's enterprise CRM platform


By Ashish Dhone (@ashketchum) · Bug Bounty Writeup · Microsoft Dynamics 365 and Power Platform Bounty Program

🔒 Subscriber Only

Continue reading for $5/month

Get full access to this post and every future write-up — bug bounty reports, red teaming guides, and offensive security deep-dives.

Supports USD & INR · Cancel anytime

0 reads

⚡ Enjoy this write-up?

Get every post like this — $5/month

Bug bounty reports, red teaming guides, and offensive security write-ups. New content every week. Cancel anytime.

Subscribe now →

Supports in USD & INR · Secure checkout via Dodo Payments

Want personalised guidance?

Book a 1-on-1 strategy call with me — offensive security, red teaming, SOC career path, or breaking into cybersecurity.

Book a session on Topmate →