Vulnerability Description
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Dynamics 365 | >= 8.0, < 8.2.3.0003 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105890Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8606PatchVendor Advisory
- http://www.securityfocus.com/bid/105890Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8606PatchVendor Advisory
FAQ
What is CVE-2018-8606?
CVE-2018-8606 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsof...
How severe is CVE-2018-8606?
CVE-2018-8606 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-8606?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Dynamics 365.