CVE-2020-22983
https://notcve.org/view.php?id=CVE-2020-22983
A Server-Side Request Forgery (SSRF) vulnerability in MicroStrategy Web SDK 11.1 and earlier allows remote unauthenticated attackers to conduct an SSRF attack via the srcURL parameter to the shortURL task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204 https://tinyurl.com https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2020-22985
https://notcve.org/view.php?id=CVE-2020-22985
A Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-22986
https://notcve.org/view.php?id=CVE-2020-22986
A Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://tinyurl.com https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-22987
https://notcve.org/view.php?id=CVE-2020-22987
A Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-22984
https://notcve.org/view.php?id=CVE-2020-22984
A Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getGoogleExtraConfig task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')