PT-2021-3915 · Microsoft · Dynamics Nav+2
Rskvp93 · Published 2021-08-10 · Updated 2023-12-28 · CVE-2021-36946
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Dynamics Business Central (affected versions not specified)
Microsoft Dynamics NAV (affected versions not specified)
Description
The issue stems from insufficient protection of the web page structure in Microsoft Dynamics 365 Business Central and Microsoft Dynamics NAV, which allows cross-site scripting attacks. An attacker could exploit it remotely by means of a specially crafted malicious link.
Recommendations
For Microsoft Dynamics Business Central, update to a version that includes fixes for cross-site scripting vulnerabilities.
For Microsoft Dynamics NAV, apply configuration changes to protect against cross-site scripting attacks, such as validating user input and encoding output.
As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.
Fix
Spoofing
XSS
Affected Products
Dynamics 365 Business Central
Dynamics Business Central
Dynamics Nav