Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microstrategy microstrategy web vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2020-11450
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issu...
Microstrategy Microstrategy Web
356
VMScore
CVE-2020-11452
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the...
Microstrategy Microstrategy Web
383
VMScore
CVE-2019-12475
In MicroStrategy Web prior to 10.4.6, there is stored XSS in metric due to insufficient input validation.
Microstrategy Microstrategy Web
1 Github repository
578
VMScore
CVE-2020-11451
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administr...
Microstrategy Microstrategy Web
516
VMScore
CVE-2020-22983
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and previous versions, allows remote unauthenticated malicious users to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
Microstrategy Microstrategy Web
384
VMScore
CVE-2019-12453
In MicroStrategy Web prior to 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
Microstrategy Microstrategy Web
2 Github repositories
312
VMScore
CVE-2020-11454
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a ...
Microstrategy Microstrategy Web 10.4
383
VMScore
CVE-2020-22984
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
Microstrategy Microstrategy Web Sdk
383
VMScore
CVE-2020-22985
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Microstrategy Microstrategy Web Sdk
383
VMScore
CVE-2020-22987
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
Microstrategy Microstrategy Web Sdk
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »