The vulnerability of the Microsoft Dynamics 365 resource planning software lies in the lack of protective measures for the website structure, allowing attackers to execute cross-site scripting attacks.

🗓️ 07 Oct 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Microsoft Dynamics 365 lacks protections for website structure, enabling cross-site scripting.

Reporter	Title	Published	Views	Family All 15
Information Security Automation	Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange	30 Sep 202023:46	–	avleonov
CNVD	Microsoft Dynamics 365 Cross-Site Scripting Vulnerability (CNVD-2020-52906)	10 Sep 202000:00	–	cnvd
CVE	CVE-2020-16861	11 Sep 202017:08	–	cve
Cvelist	CVE-2020-16861 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	11 Sep 202017:08	–	cvelist
EUVD	EUVD-2020-8819	7 Oct 202500:30	–	euvd
Microsoft KB	Service Update 0.20 for Microsoft Dynamics 365 9.0	8 Sep 202007:00	–	mskb
Microsoft KB	Microsoft Dynamics 365 (on-premises) Update 2.22	8 Sep 202007:00	–	mskb
Kaspersky	KLA11953 Multiple vulnerabilities in Microsoft Dynamics	8 Sep 202000:00	–	kaspersky
Microsoft CVE	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	8 Sep 202007:00	–	mscve
NCSC	Vulnerabilities fixed in Microsoft Dynamics	8 Sep 202000:00	–	ncsc

Vulners

Node

microsoft microsoft_dynamics_365Match8.2

OR

microsoft microsoft_dynamics_365_(on-premises)Match9.0

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16861
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-16861
web	www.web.nvd.nist.gov/view/vuln/detail

07 Oct 2020 00:00Current

6Medium risk

Vulners AI Score6

CVSS 35.4

CVSS 25.5

EPSS0.00541

Microsoft Dynamics 365 cross site scripting website structure lack of protections