CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8605
https://notcve.org/view.php?id=CVE-2018-8605
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608. Existe una vulnerabilidad Cross-Site Scripting (XSS) cuando Microsoft Dynamics 365 (on-premises), versión 8, no sanea correctamente una petición web especialmente manipulada a un servidor Dynamics afectado. Esto también se conoce como "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability". • http://www.securityfocus.com/bid/105889 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2018-8609
https://notcve.org/view.php?id=CVE-2018-8609
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. Existe una vulnerabilidad de ejecución remota de código en Microsoft Dynamics 365 (on-premises), versión 8, cuando el servidor no sanea correctamente peticiones web a un servidor Dynamics afectado. Esto también se conoce como "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability". Esto afecta a Microsoft Dynamics 365. • http://www.securityfocus.com/bid/105894 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8609 • CWE-116: Improper Encoding or Escaping of Output •