CVE-2018-8651

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

1.2%

top 21.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Dynamics NAV Microsoft Dynamics NAV

Timeline

PublishedDec 12

Latest updateMay 14

Description

A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/dynamics_nav2016, 2017+1

▶CVEListV5microsoft/microsoft_dynamics_nav2016, 2017+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-642p-r2rr-6p6r: A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dyna↗2022-05-14

▶

CVEList

CVE-2018-8651: A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dyna↗2018-12-12

▶

📋Vendor Advisories

Microsoft

Microsoft Dynamics NAV Cross Site Scripting Vulnerability↗2018-12-11

▶