Microsoft Dynamics
CVE-2021-1724 — Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Executive Summary
None
Overview
6.1
CVSS MEDIUM
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
CVSS Vector
ATTACK VECTOR
Adjacent
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
Low
USER INTERACTION
Required
SCOPE
Changed
Temporal Score: 5.5
EPSS Score
0.01178
probability of exploitation in the next 30 days
0.63572 percentile - updated 2026-06-20
View on FIRST.org
Affected Products
7 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) | 4602915 (Security Update) |
Important | Spoofing | Maybe |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 1 | 4602915 (Security Update) |
Important | Spoofing | Maybe |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 2 | 4602915 (Security Update) |
Important | Spoofing | Maybe |
| Microsoft Dynamics NAV 2015 | 4602915 (Security Update) |
Important | Spoofing | Maybe |
| Microsoft Dynamics NAV 2016 | 4602915 (Security Update) |
Important | Spoofing | Maybe |
| Microsoft Dynamics NAV 2017 | 4602915 (Security Update) |
Important | Spoofing | Maybe |
| Microsoft Dynamics NAV 2018 | 4602915 (Security Update) |
Important | Spoofing | Maybe |
Patches
1 patch
| Article | Type | Restart |
|---|---|---|
4602915 |
Security Update | Maybe |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
Piotr Cielas@EY
References
On This Page