Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-3808

Malware in sbrugna...

5.4CVSS5.6AI score0.00904EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2025/05/22 5:25 p.m.7 views

CVE-2020-11454

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

5.4CVSS5.1AI score0.00904EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 p.m.4 views

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

5.3CVSS5.8AI score0.02732EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 p.m.5 views

CVE-2020-11451

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...

7.2CVSS7.1AI score0.02658EPSS
Exploits3References1
NVD
NVD
added 2020/04/02 4:15 p.m.31 views

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

5.3CVSS5.4AI score0.02732EPSS
Exploits3References4
Prion
Prion
added 2020/04/02 4:15 p.m.28 views

Design/Logic Flaw

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources aka SSRF or leak files from the local system using the...

4CVSS4.5AI score0.01215EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2020/04/02 3:3 p.m.61 views

CVE-2020-11453

CVE-2020-11453 relates to MicroStrategy Web 10.4 and involves a Server-Side Request Forgery in the Test Web Service exposed at /MicroStrategyWS/. The SSRF requires no authentication and cannot pass parameters, but can be used to perform port scanning and enumerate network resources (IP addresses ...

5.3CVSS5.4AI score0.02732EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2020/04/02 3:3 p.m.31 views

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

5.4AI score0.02732EPSS
Exploits3References4
CVE
CVE
added 2020/04/02 3:0 p.m.55 views

CVE-2020-11451

The CVE-2020-11451 entry concerns MicroStrategy Web 10.4 (Upload Visualization plugin in the admin panel). The vulnerability arises from allowing an administrator to upload a ZIP archive with arbitrary extensions and data, via a plugin upload mechanism that requires admin privileges. The descript...

7.2CVSS6.9AI score0.02658EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2020/04/02 2:58 p.m.36 views

CVE-2020-11454

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

5.3AI score0.00904EPSS
Exploits3References4
Rows per page
Query Builder