Show filters
15 Total Results
Displaying 11-15 of 15
Sort by:
Attacker Value
Unknown

CVE-2019-12453

Disclosure Date: July 19, 2019 (last updated November 27, 2024)
In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
0
0
Attacker Value
Unknown

CVE-2019-12475

Disclosure Date: July 17, 2019 (last updated November 27, 2024)
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
0
0
Attacker Value
Unknown

CVE-2018-18776

Disclosure Date: November 01, 2018 (last updated November 27, 2024)
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
0
0
Attacker Value
Unknown

CVE-2018-18777

Disclosure Date: November 01, 2018 (last updated November 27, 2024)
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
0
0
Attacker Value
Unknown

CVE-2018-18775

Disclosure Date: November 01, 2018 (last updated November 27, 2024)
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
0
0
View More Topics  < Previous