CVE-2021-40440 — Cross-site Scripting in Microsoft Dynamics 365 Business Central 2020 Release Wave 2 Update 17.10

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.8%

top 26.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Microsoft Dynamics 365 Business Central 2020 Release Wave 2 Update 17.10 Microsoft Dynamics 365 Business Central 2021 Release Wave 1 Update 18.5 Microsoft Dynamics 365 Business Central

Timeline

PublishedSep 15

Latest updateMay 24

Description

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2021_release_wave_1_update_18.518.0.0.0 — App Build 18.5.29545, Platform Build 18.0.29486

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_2_update_17.1017.0.0.0 — App Build 17.10.29463, Platform Build 17.0.29460

▶NVDmicrosoft/dynamics_365_business_central2020, 2021+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-7hv9-m3f4-mcw5: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2022-05-24

▶

CVEList

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2021-09-15

▶

📋Vendor Advisories

1

Microsoft

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability↗2021-09-14

▶

CVE-2021-40440 — Cross-site Scripting in Microsoft | cvebase