EUVD-2021-23522

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Microsoft Dynamics Business Central has a cross-site scripting vulnerability identified as EUVD-2021-23522.

Reporter	Title	Published	Views	Family All 22
BDU FSTEC	The vulnerability of the Microsoft Dynamics 365 Business Central and integrated enterprise management system for small and medium-sized businesses lies in the lack of security measures for the website structure. This allows attackers to perform cross-site scripting attacks.	8 Sep 202100:00	–	bdu_fstec
Circl	CVE-2021-36946	12 Aug 202122:40	–	circl
CNNVD	Microsoft Dynamics 跨站脚本漏洞	10 Aug 202100:00	–	cnnvd
CVE	CVE-2021-36946	12 Aug 202118:12	–	cve
Cvelist	CVE-2021-36946 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability	12 Aug 202118:12	–	cvelist
Microsoft KB	Cumulative Update 56 for Microsoft Dynamics NAV 2017 (Build 30601)	10 Aug 202107:00	–	mskb
Microsoft KB	Cumulative Update 43 for Microsoft Dynamics NAV 2018 (Build 47562)	10 Aug 202107:00	–	mskb
Microsoft KB	Cumulative Update 26 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.27.47563, Platform Build 14.0.47540)	10 Aug 202107:00	–	mskb
Microsoft KB	Update 16.15 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 (Application Build 16.15.28500, Platform Build 16.0.28457)	10 Aug 202107:00	–	mskb
Microsoft KB	Update 17.9 for Microsoft Dynamics 365 Business Central 2020 Release Wave 2 (Application Build 17.9.28504, Platform Build 17.0.28458)	10 Aug 202107:00	–	mskb

[
  {
    "enisaIdVendor": [
      {
        "id": "c43f0e27-c676-3976-893d-bc06ff6f4a44",
        "vendor": {
          "name": "Microsoft"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1556267e-4f64-3ada-9ccd-164ac1c586be",
        "product": {
          "name": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15"
        },
        "product_version": "16.0 <Application Build 16.15.28500, Platform Build 16.0"
      },
      {
        "id": "222d6152-902a-349d-93cc-36973c1c25fe",
        "product": {
          "name": "Dynamics 365 Business Central Spring 2019 Update"
        },
        "product_version": "14.0.0 <Application Build 14.27.47563, Platform Build 14.0"
      },
      {
        "id": "4fbbae67-ab2a-319b-93c7-92145c1dfe75",
        "product": {
          "name": "Microsoft Dynamics NAV 2018"
        },
        "product_version": "1.0 <47562"
      },
      {
        "id": "ae78349f-96e6-3fd2-a7bc-e72f70a18f1c",
        "product": {
          "name": "Microsoft Dynamics NAV 2017"
        },
        "product_version": "1.0 <30601"
      },
      {
        "id": "d1e11c77-4294-306b-962d-7f041d9fb2ca",
        "product": {
          "name": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9"
        },
        "product_version": "17.0 <Application Build 17.9.28504, Platform Build 17.0."
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6Medium risk

Vulners AI Score6

CVSS 3.15.4

CVSS 23.5

EPSS0.02619