Microsoft advises of a security vulnerability (CVE-2021-36946) in Dynamics 365 Business Central regarding cross-website scripting and has already released patches. The necessary updates can be found here at Microsoft.
Microsoft currently estimates the exploitability of this vulnerability to be less likely:
Microsoft analysis indicates that exploit code is unlikely to be successfully used in real attacks. This means that while exploit code can be released that triggers the vulnerability and leads to unusual behaviour, the full impact of exploitation is limited. Furthermore, Microsoft has not observed any instances of this vulnerability being actively exploited in the past. Consequently, the risk of this vulnerability actually being exploited is significantly lower.
Do you have questions about the vulnerability? Our experts will be happy to provide you with advice and discuss the necessary steps with you.