CVE-2021-1724

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.8MEDIUM

EPSS

0.9%

top 23.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

9

Microsoft Dynamics 365 Business Central 2019 Release Wave 2 (on-premise)Microsoft Microsoft Dynamics 365 Business Central 2020 Release Wave 1 Microsoft Microsoft Dynamics 365 Business Central 2020 Release Wave 2 +6 more

Timeline

PublishedFeb 25

Latest updateMay 24

Description

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:NExploitability: 1.7 | Impact: 4.0

Affected Packages9 packages

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_116.0.0 — publication

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_217.0.0 — publication

▶CVEListV5microsoft/dynamics_365_business_central_2019_release_wave_2_(on-premise)15.0.0 — publication

▶NVDmicrosoft/dynamics_365_business_central2019, 2020+1

▶CVEListV5microsoft/microsoft_dynamics_nav_20151.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-8qq3-mrrg-37qg: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2022-05-24

▶

CVEList

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2021-02-25

▶

📋Vendor Advisories

1

Microsoft

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2021-02-09

▶

CVE-2021-1724 (MEDIUM CVSS 4.8) | Microsoft Dynamics Business Central | cvebase.io