CVE-2021-36946

CWE-79 — Cross-site Scripting (XSS)6 documents5 sources

Severity

5.4MEDIUM

EPSS

1.0%

top 22.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Dynamics 365 Business Central Spring 2019 Update Microsoft Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15 Microsoft Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9 +4 more

Timeline

PublishedAug 12

Latest updateOct 3

Description

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages7 packages

▶CVEListV5microsoft/dynamics_365_business_central_spring_2019_update14.0.0 — Application Build 14.27.47563, Platform Build 14.0

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_2_-_update_17.917.0 — Application Build 17.9.28504, Platform Build 17.0.

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_1_-_update_16.1516.0 — Application Build 16.15.28500, Platform Build 16.0

▶NVDmicrosoft/dynamics_365_business_central2019, 2020+1

▶CVEListV5microsoft/microsoft_dynamics_nav_20171.0 — 30601

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2022-10-03

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, lnux-hwe, inux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2022-09-21

▶

GHSA

GHSA-2fq7-f2fp-mgxx: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2022-05-24

▶

CVEList

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2021-08-12

▶

📋Vendor Advisories

Microsoft

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2021-08-10

▶