A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N
Vendors Products
Microsoft
  • Dynamics Nav

Configuration 1 [-]

OR cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/106077 Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651 Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2018-12-12T00:00:00

Updated: 2018-12-12T10:57:01

Reserved: 2018-03-14T00:00:00

Link: CVE-2018-8651

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-12-12T00:29:02.013

Modified: 2019-01-03T13:57:38.163

Link: CVE-2018-8651

JSON object: View

cve-icon Redhat Information

No data.

CWE