Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microstrategy microstrategy web vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2020-11450
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issu...
Microstrategy Microstrategy Web
578
VMScore
CVE-2020-11451
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administr...
Microstrategy Microstrategy Web
356
VMScore
CVE-2020-11452
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the...
Microstrategy Microstrategy Web
516
VMScore
CVE-2020-22983
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and previous versions, allows remote unauthenticated malicious users to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
Microstrategy Microstrategy Web
384
VMScore
CVE-2019-12453
In MicroStrategy Web prior to 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
Microstrategy Microstrategy Web
2 Github repositories
383
VMScore
CVE-2019-12475
In MicroStrategy Web prior to 10.4.6, there is stored XSS in metric due to insufficient input validation.
Microstrategy Microstrategy Web
1 Github repository
312
VMScore
CVE-2020-11454
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a ...
Microstrategy Microstrategy Web 10.4
435
VMScore
CVE-2018-18775
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
Microstrategy Microstrategy Web 7
1 EDB exploit
435
VMScore
CVE-2018-18776
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
Microstrategy Microstrategy Web 7
1 EDB exploit
383
VMScore
CVE-2020-22985
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Microstrategy Microstrategy Web Sdk
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »