CVE-2018-8608 — Cross-site Scripting in Microsoft Dynamics 365

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

1.2%

top 20.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Dynamics 365 Microsoft Dynamics 365

Timeline

PublishedNov 14

Latest updateMay 14

Description

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/dynamics_3658.0 — 8.2.3.0003

▶CVEListV5microsoft/microsoft_dynamics_365premises) version 8

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-q58v-959q-6752: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web req↗2022-05-14

▶

CVEList

CVE-2018-8608: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web req↗2018-11-14

▶

📋Vendor Advisories

Microsoft

Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability↗2018-11-13

▶