Cross-Site Scripting Vulnerability in Microsoft Dynamics AX 2012
CVE-2012-1857

Currently unrated

Key Information:

Vendor: Microsoft
Status: Dynamics Ax
Vendor: CVE Published:; 12 June 2012

What is CVE-2012-1857?

The vulnerability in Microsoft Dynamics AX 2012's Enterprise Portal component enables remote attackers to exploit cross-site scripting (XSS) weaknesses. By crafting a specific URL, an attacker can inject arbitrary web scripts or HTML into the web application, potentially compromising user data and session information. This security flaw underscores the importance of proper input validation and sanitization in web applications to safeguard against XSS attacks.

References

http://www.us-cert.gov/cas/techalerts/TA12-164A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

42% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2012
Vulnerability Reserved
Mar 22, 2012