163 matches found
CVE-2019-12475
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...
CVE-2019-12475
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...
Input validation
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...
CVE-2019-12475
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...
CVE-2019-12475
CVE-2019-12475 affects MicroStrategy Web prior to 10.4.6, with a stored XSS in the metric caused by insufficient input validation. The vulnerability is described as a cross-site scripting issue that could occur in authenticated contexts, with CVSS v3.0 base score 6.1 (NETWORK, LOW ATTACKER PRS, U...
CVE-2018-6885
An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...
Path traversal
An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...
CVE-2018-6885
An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...
CVE-2018-6885
An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...
CVE-2018-6885
The CVE-2018-6885 entry describes an unauthenticated path-traversal vulnerability in MicroStrategy Web Services (the Microsoft Office plugin) prior to 10.4 Hotfix 7 and prior to 10.11. The vulnerability (in a SOAP request within the web service component) allows access to asset files using MicroS...
CVE-2018-18696
main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS and...
CVE-2018-18696
main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS and...
Design/Logic Flaw
DISPUTED main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS...
CVE-2018-18696
main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS and...
CVE-2018-18696
MicroStrategy Analytics buffers a CSRF flaw in main.aspx, affecting versions before 10.4.0026.0049. The vulnerability allows a CSRF-based modification of user preferences due to insecure state-changing requests. Affected component: main.aspx. Root cause: CSRF in the web interface; exploitation de...
Microstrategy Analytics Cross-Site Request Forgery Vulnerability
Microstrategy Analytics is a suite of enterprise data analytics platforms from Microstrategy, Inc. in the United States. The platform features data discovery, data visualization and report generation. A cross-site request forgery vulnerability exists in the main.aspx file in Microstrategy Analyti...
Microstrategy Web Directory Traversal Vulnerability
MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A directory traversal vulnerability exists in Microstrategy Web 7 at "/WebMstr7/servlet/mstrWeb". A remote authenticated user can exploit this vulnerability to bypass expecte...
Microstrategy Web Cross-Site Scripting Vulnerability
MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A cross-site scripting vulnerability exists in Microstrategy Web 7. The vulnerability stems from Microstrategy Web failing to adequately encode user-controlled input. The...
Microstrategy Web Cross-Site Scripting Vulnerability (CNVD-2018-23268)
MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A cross-site scripting vulnerability exists in Microstrategy Web 7. The vulnerability stems from Microstrategy Web failing to adequately encode user-controlled input. An...
CVE-2018-18775
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...