CVE-2020-22985
https://notcve.org/view.php?id=CVE-2020-22985
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MicroStrategy Web SDK versiones 10.11 y anteriores, permite a atacantes remotos no autentificados ejecutar código arbitrario por medio del parámetro key de la tarea getESRIExtraConfig • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22986
https://notcve.org/view.php?id=CVE-2020-22986
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MicroStrategy Web SDK versiones 10.11 y anteriores, permite a atacantes remotos no autentificados ejecutar código arbitrario por medio del parámetro searchString de la tarea wikiScrapper • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://tinyurl.com https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22987
https://notcve.org/view.php?id=CVE-2020-22987
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MicroStrategy Web SDK versiones 10.11 y anteriores, permite a atacantes remotos no autenticados ejecutar código arbitrario por medio del parámetro fileToUpload de la tarea uploadFile • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22984
https://notcve.org/view.php?id=CVE-2020-22984
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MicroStrategy Web SDK versiones 10.11 y anteriores, permite a atacantes remotos no autenticados ejecutar código arbitrario por medio del parámetro key de la tarea getGoogleExtraConfig • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •