CVE-2020-16859 — Cross-site Scripting in Microsoft Dynamics 365 Version 9.0

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 39.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Dynamics 365 Version 9.0 Microsoft Dynamics 365

Timeline

PublishedSep 11

Latest updateMay 24

Description

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5microsoft/microsoft_dynamics_365_version_9.09.0.0 — publication

▶NVDmicrosoft/dynamics_3659.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-px89-3629-p2hp: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an↗2022-05-24

▶

CVEList

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability↗2020-09-11

▶

📋Vendor Advisories

Microsoft

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability↗2020-09-08

▶