CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21806 – Power BI Report Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-21806
14 Feb 2023 — Power BI Report Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41372 – Power BI Report Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-41372
10 Nov 2021 — A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges ... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41372 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 13%CPEs: 2EXPL: 0CVE-2021-26859 – Microsoft Power BI Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-26859
11 Mar 2021 — Microsoft Power BI Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información de Microsoft Power BI • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26859 •