Directory traversal

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" in the parameter subpage allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web application...

CVE-2018-18777

Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" in the parameter subpage allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web application...

CVE-2018-18776

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product...

CVE-2018-18775

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...

CVE-2018-18776

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product...

CVE-2018-18777

CVE-2018-18777 : MicroStrategy Web 7 is vulnerable to a directory traversal/local file inclusion via the parameter subpage of “/WebMstr7/servlet/mstrWeb”. Remote authenticated users can bypass SecurityManager restrictions and list a parent directory using “/..” in the pathname. Public references ...

CVE-2018-18775

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...

CVE-2018-18776

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product...

Microstrategy Web 7 Cross Site Scripting / Traversal

!-- Exploit Title: Cross Site Scripting in Microstrategy Web version 7 Date: 29-10-2018 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.microstrategy.com Software Link: https://www.microstrategy.com Version: Microstrategy Web version 7 Tested on: Unix CVE : CVE-2018-18775 Category:...

Microstrategy Web 7 - Cross-Site Scripting Directory Traversal

Microstrategy Web 7 - Cross-Site Scripting Directory Traversal !-- Exploit Title: Cross Site Scripting in Microstrategy Web version 7 Date: 29-10-2018 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.microstrategy.com Software Link: https://www.microstrategy.com Version: Microstrategy...

Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal

!-- Exploit Title: Cross Site Scripting in Microstrategy Web version 7 Date: 29-10-2018 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.microstrategy.com Software Link: https://www.microstrategy.com Version: Microstrategy Web version 7 Tested on: Unix CVE : CVE-2018-18775 Category:...