CVE-2021-28461 Dynamics Finance and Operations Cross-site Scripting Vulnerability

🗓️ 11 May 2021 19:11:15Reported by microsoftType

Dynamics Finance and Operations Cross-site Scripting Vulnerabilit

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the Microsoft Dynamics 365 for Finance and Operations resource planning software lies in the lack of security measures for the website structure, allowing attackers to perform cross-site scripting attacks.	26 May 202100:00	–	bdu_fstec
CNNVD	Microsoft Dynamics Finance & Operations 跨站脚本漏洞	11 May 202100:00	–	cnnvd
CVE	CVE-2021-28461	11 May 202119:11	–	cve
EUVD	EUVD-2021-15139	7 Oct 202500:30	–	euvd
Kaspersky	KLA12168 XSS vulnerability in Microsoft Dynamics	11 May 202100:00	–	kaspersky
Microsoft CVE	Dynamics Finance and Operations Cross-site Scripting Vulnerability	11 May 202107:00	–	mscve
NCSC	Vulnerability fixed in Microsoft Dynamics 365 for Finance and Operations	11 May 202100:00	–	ncsc
NVD	CVE-2021-28461	11 May 202119:15	–	nvd
Prion	Cross site scripting	11 May 202119:15	–	prion
Positive Technologies	PT-2021-3093 · Microsoft · Dynamics 365 For Finance/Operations	11 May 202100:00	–	ptsecurity

[
  {
    "vendor": "Microsoft",
    "product": "Dynamics 365 for Finance and Operations",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_365:-:*:*:*:*:finance_and_operations:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.793",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28461

28 Dec 2023 23:56Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.1

EPSS0.02422