CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

91 matches found

CNVD•added 2019/07/22 12:0 a.m.•4 views

MicroStrategy Web Cross-Site Scripting Vulnerability (CNVD-2019-23751)

Microstrategy Web is a set of U.S. Microstrategy's enterprise data analysis platform. The platform features data discovery, data visualization and report generation. A cross-site scripting vulnerability exists in the 'FLTB' parameter in MicroStrategy Web versions prior to 10.1 patch 10. The...

6.1CVSS6.4AI score0.00979EPSS

Exploits0References1

OSV•added 2019/07/19 5:15 p.m.•2 views

CVE-2019-12453

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation...

6.1CVSS6.3AI score0.00979EPSS

Exploits0References2

NVD•added 2019/07/19 5:15 p.m.•18 views

CVE-2019-12453

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation...

6.1CVSS6AI score0.00979EPSS

Exploits0References2

Prion•added 2019/07/19 5:15 p.m.•15 views

Input validation

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation...

4.3CVSS5.9AI score0.00979EPSS

Exploits0References2Affected Software1

CVE•added 2019/07/19 4:53 p.m.•156 views

CVE-2019-12453

CVE-2019-12453 – MicroStrategy Web stored XSS : Affects MicroStrategy Web prior to 10.1 patch 10. The vulnerability is due to missing input validation in the FLTB parameter, enabling stored cross-site scripting. From the connected documents: exploitation is via the FLTB parameter in MicroStrategy...

6.1CVSS5.8AI score0.00979EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/07/19 4:53 p.m.•23 views

CVE-2019-12453

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation...

6AI score0.00979EPSS

Exploits0References2

OSV•added 2019/07/17 5:15 p.m.•3 views

CVE-2019-12475

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...

6.1CVSS6.3AI score0.00979EPSS

Exploits0References2

NVD•added 2019/07/17 5:15 p.m.•19 views

CVE-2019-12475

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...

6.1CVSS6AI score0.00979EPSS

Exploits0References2

Prion•added 2019/07/17 5:15 p.m.•19 views

Input validation

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...

4.3CVSS5.9AI score0.00979EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/07/17 4:10 p.m.•23 views

CVE-2019-12475

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...

6AI score0.00979EPSS

Exploits0References2

OSV•added 2019/05/14 7:29 p.m.•2 views

CVE-2018-6885

An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...

9.8CVSS5.8AI score0.01429EPSS

Exploits0References1

NVD•added 2019/05/14 7:29 p.m.•13 views

CVE-2018-6885

9.8CVSS9.4AI score0.01429EPSS

Exploits0References1

CVE•added 2019/05/14 6:35 p.m.•47 views

CVE-2018-6885

The CVE-2018-6885 entry describes an unauthenticated path-traversal vulnerability in MicroStrategy Web Services (the Microsoft Office plugin) prior to 10.4 Hotfix 7 and prior to 10.11. The vulnerability (in a SOAP request within the web service component) allows access to asset files using MicroS...

9.8CVSS9.3AI score0.01429EPSS

Exploits0References1Affected Software1

CNVD•added 2018/11/02 12:0 a.m.•2 views

Microstrategy Web Cross-Site Scripting Vulnerability

MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A cross-site scripting vulnerability exists in Microstrategy Web 7. The vulnerability stems from Microstrategy Web failing to adequately encode user-controlled input. The...

6.1CVSS5.9AI score0.02321EPSS

Exploits5References1

CNVD•added 2018/11/02 12:0 a.m.•2 views

Microstrategy Web Directory Traversal Vulnerability

MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A directory traversal vulnerability exists in Microstrategy Web 7 at "/WebMstr7/servlet/mstrWeb". A remote authenticated user can exploit this vulnerability to bypass expecte...

4.3CVSS4.8AI score0.19551EPSS

Exploits5References1

CNVD•added 2018/11/02 12:0 a.m.•2 views

Microstrategy Web Cross-Site Scripting Vulnerability (CNVD-2018-23268)

6.1CVSS5.9AI score0.06555EPSS

Exploits5References1

OSV•added 2018/11/01 5:29 p.m.•2 views

CVE-2018-18775

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...

6.1CVSS5.8AI score0.06555EPSS

Exploits5References2

Prion•added 2018/11/01 5:29 p.m.•15 views

Cross site scripting

4.3CVSS5.9AI score0.06555EPSS

Exploits5References2Affected Software1

Prion•added 2018/11/01 5:29 p.m.•11 views

Cross site scripting

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product...

4.3CVSS5.9AI score0.02321EPSS

Exploits5References2Affected Software1

Prion•added 2018/11/01 5:29 p.m.•13 views

Directory traversal

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" in the parameter subpage allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web application...

4CVSS4.5AI score0.19551EPSS

Exploits5References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by