CVE-2019-12453
https://notcve.org/view.php?id=CVE-2019-12453
In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. • https://github.com/undefinedmode/CVE-2019-12453 • http://www.microstrategy.com/producthelp/10.10/Readme/content/web.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12475
https://notcve.org/view.php?id=CVE-2019-12475
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. • https://github.com/undefinedmode/CVE-2019-12475 • https://community.microstrategy.com/s/article/Defects-and-Enhancements-Addressed-in-MicroStrategy-10-4-6-Secure-Enterprise-Platform?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18776 – Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
https://notcve.org/view.php?id=CVE-2018-18776
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product. Microstrategy Web 7 suffers from cross site scripting and traversal vulnerabilities. • https://www.exploit-db.com/exploits/45755 • http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18775 – Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
https://notcve.org/view.php?id=CVE-2018-18775
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product. Microstrategy Web 7 suffers from cross site scripting and traversal vulnerabilities. • https://www.exploit-db.com/exploits/45755 • http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18777 – Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal
https://notcve.org/view.php?id=CVE-2018-18777
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. • https://www.exploit-db.com/exploits/45755 • http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')