Microsoft Dynamics NAV CVE-2018-8651 Cross Site Scripting Vulnerability

Bugtraq ID:	106077
Class:	Input Validation Error
CVE:	CVE-2018-8651
Remote:	Yes
Local:	No
Published:	Dec 11 2018 12:00AM
Updated:	Dec 11 2018 12:00AM
Credit:	Mayank Kapoor of Lateral Security
Vulnerable:	Microsoft Dynamics NAV 2017 Microsoft Dynamics NAV 2016
Not Vulnerable:

Microsoft Dynamics NAV CVE-2018-8651 Cross Site Scripting Vulnerability

Microsoft Dynamics NAV is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content, or inject malicious content.

Microsoft Dynamics NAV 2016 and 2017 versions are vulnerable.

Microsoft Dynamics NAV CVE-2018-8651 Cross Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Microsoft Dynamics NAV CVE-2018-8651 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Microsoft Dynamics NAV CVE-2018-8651 Cross Site Scripting Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• CVE-2018-8651 | Microsoft Dynamics NAV Cross Site Scripting Vulnerability (Microsoft)