Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microstrategy microstrategy web vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-12475
In MicroStrategy Web prior to 10.4.6, there is stored XSS in metric due to insufficient input validation.
Microstrategy Microstrategy Web
1 Github repository
516
VMScore
CVE-2020-22983
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and previous versions, allows remote unauthenticated malicious users to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
Microstrategy Microstrategy Web
356
VMScore
CVE-2020-11452
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the...
Microstrategy Microstrategy Web
446
VMScore
CVE-2020-11450
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issu...
Microstrategy Microstrategy Web
578
VMScore
CVE-2020-11451
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administr...
Microstrategy Microstrategy Web
384
VMScore
CVE-2019-12453
In MicroStrategy Web prior to 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
Microstrategy Microstrategy Web
2 Github repositories
383
VMScore
CVE-2020-22985
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Microstrategy Microstrategy Web Sdk
383
VMScore
CVE-2020-22986
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the searchString parameter to the wikiScrapper task.
Microstrategy Microstrategy Web Sdk
383
VMScore
CVE-2020-22987
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
Microstrategy Microstrategy Web Sdk
435
VMScore
CVE-2018-18776
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
Microstrategy Microstrategy Web 7
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »