Microsoft Dynamics 365 CVE-2018-8606 Cross Site Scripting Vulnerability

Bugtraq ID:	105890
Class:	Input Validation Error
CVE:	CVE-2018-8606
Remote:	Yes
Local:	No
Published:	Nov 13 2018 12:00AM
Updated:	Nov 13 2018 12:00AM
Credit:	Microsoft
Vulnerable:	Microsoft Dynamics 365 (on-premises) 8
Not Vulnerable:

Microsoft Dynamics 365 CVE-2018-8606 Cross Site Scripting Vulnerability

Microsoft Dynamics 365 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content, or inject malicious content.

Dynamics 365 (on-premises) 8 is vulnerable; other versions may also be affected.

Microsoft Dynamics 365 CVE-2018-8606 Cross Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Microsoft Dynamics 365 CVE-2018-8606 Cross Site Scripting Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Script (Microsoft)