
CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Server-Side Request Forgery (SSRF) vulnerability in MicroStrategy Web SDK 11.1 and earlier allows remote unauthenticated attackers to conduct an SSRF attack via the srcURL parameter to the shortURL task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204 https://tinyurl.com https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://tinyurl.com https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getGoogleExtraConfig task. • http://microstrategy.com http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')