Page 2 of 9 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. En MicroStrategy Web en versiones anteriores a la 10.4.6, hay en la métrica un Cross-Site Scripting (XSS) debido a una validación de entrada insuficiente. • https://github.com/undefinedmode/CVE-2019-12475 https://community.microstrategy.com/s/article/Defects-and-Enhancements-Addressed-in-MicroStrategy-10-4-6-Secure-Enterprise-Platform?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product. Microstrategy Web 7 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS) mediante el parámetro ShowAll en admin/admin.asp. NOTA: este producto está obsoleto. Microstrategy Web 7 suffers from cross site scripting and traversal vulnerabilities. • https://www.exploit-db.com/exploits/45755 http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product. Microstrategy Web 7 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS) mediante el parámetro Msg en Login.asp. NOTA: este producto está obsoleto. Microstrategy Web 7 suffers from cross site scripting and traversal vulnerabilities. • https://www.exploit-db.com/exploits/45755 http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. vulnerabilidad de salto de directorio en Microstrategy Web 7 en "/WebMstr7/servlet/mstrWeb" (en la subpágina parameter) permite que usuarios autenticados remotos omitan las restricciones SecurityManager planeadas y listar un directorio padre mediante un /.. (barra punto punto) en un nombre de ruta empleado por una aplicación web. NOTA: este producto está obsoleto. • https://www.exploit-db.com/exploits/45755 http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •