CVE-2019-1375 — Cross-site Scripting in Microsoft Dynamics 365

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.9%

top 23.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Dynamics 365 Microsoft Dynamics 365

Timeline

PublishedOct 10

Latest updateMay 24

Description

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/dynamics_3659.0 — 9.0.9.4

▶CVEListV5microsoft/microsoft_dynamics_3659.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j6v6-65ff-47wq: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an↗2022-05-24

▶

CVEList

CVE-2019-1375: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an↗2019-10-10

▶

📋Vendor Advisories

Microsoft

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability↗2019-10-08

▶

💬Community

Bugzilla

CVE-2019-13753 sqlite: fts3: incorrectly removed corruption check↗2019-12-11

▶