4 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MicroStrategy Web SDK versiones 10.11 y anteriores, permite a atacantes remotos no autentificados ejecutar código arbitrario por medio del parámetro key de la tarea getESRIExtraConfig • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MicroStrategy Web SDK versiones 10.11 y anteriores, permite a atacantes remotos no autentificados ejecutar código arbitrario por medio del parámetro searchString de la tarea wikiScrapper • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://tinyurl.com https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MicroStrategy Web SDK versiones 10.11 y anteriores, permite a atacantes remotos no autenticados ejecutar código arbitrario por medio del parámetro fileToUpload de la tarea uploadFile • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MicroStrategy Web SDK versiones 10.11 y anteriores, permite a atacantes remotos no autenticados ejecutar código arbitrario por medio del parámetro key de la tarea getGoogleExtraConfig • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •