Lucene search
+L

163 matches found

nvd
nvd
added 2019/07/17 5:15 p.m.21 views

CVE-2019-12475

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...

6.1CVSS6AI score0.00979EPSS
Exploits0References2
osv
osv
added 2019/07/17 5:15 p.m.6 views

CVE-2019-12475

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...

6.1CVSS6.3AI score0.00979EPSS
Exploits0References2
prion
prion
added 2019/07/17 5:15 p.m.21 views

Input validation

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...

4.3CVSS5.9AI score0.00979EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2019/07/17 4:10 p.m.27 views

CVE-2019-12475

In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation...

6AI score0.00979EPSS
Exploits0References2
cve
cve
added 2019/07/17 4:10 p.m.48 views

CVE-2019-12475

CVE-2019-12475 affects MicroStrategy Web prior to 10.4.6, with a stored XSS in the metric caused by insufficient input validation. The vulnerability is described as a cross-site scripting issue that could occur in authenticated contexts, with CVSS v3.0 base score 6.1 (NETWORK, LOW ATTACKER PRS, U...

6.1CVSS5.8AI score0.00979EPSS
Exploits0References2Affected Software1
osv
osv
added 2019/05/14 7:29 p.m.6 views

CVE-2018-6885

An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...

9.8CVSS5.8AI score0.01429EPSS
Exploits0References1
prion
prion
added 2019/05/14 7:29 p.m.15 views

Path traversal

An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...

5CVSS9.2AI score0.01429EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2019/05/14 7:29 p.m.15 views

CVE-2018-6885

An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...

9.8CVSS9.4AI score0.01429EPSS
Exploits0References1
cvelist
cvelist
added 2019/05/14 6:35 p.m.19 views

CVE-2018-6885

An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...

9.4AI score0.01429EPSS
Exploits0References1
cve
cve
added 2019/05/14 6:35 p.m.49 views

CVE-2018-6885

The CVE-2018-6885 entry describes an unauthenticated path-traversal vulnerability in MicroStrategy Web Services (the Microsoft Office plugin) prior to 10.4 Hotfix 7 and prior to 10.11. The vulnerability (in a SOAP request within the web service component) allows access to asset files using MicroS...

9.8CVSS9.3AI score0.01429EPSS
Exploits0References1Affected Software1
osv
osv
added 2018/12/28 5:29 p.m.3 views

CVE-2018-18696

main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS and...

8.8CVSS5.7AI score0.00846EPSS
Exploits1References3
nvd
nvd
added 2018/12/28 5:29 p.m.13 views

CVE-2018-18696

main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS and...

8.8CVSS8.7AI score0.00846EPSS
Exploits1References3
prion
prion
added 2018/12/28 5:29 p.m.13 views

Design/Logic Flaw

DISPUTED main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS...

6.8CVSS8.6AI score0.00846EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2018/12/28 5:0 p.m.15 views

CVE-2018-18696

main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS and...

8.7AI score0.00846EPSS
Exploits1References3
cve
cve
added 2018/12/28 5:0 p.m.45 views

CVE-2018-18696

MicroStrategy Analytics buffers a CSRF flaw in main.aspx, affecting versions before 10.4.0026.0049. The vulnerability allows a CSRF-based modification of user preferences due to insecure state-changing requests. Affected component: main.aspx. Root cause: CSRF in the web interface; exploitation de...

8.8CVSS8.6AI score0.00846EPSS
Exploits1References3Affected Software1
cnvd
cnvd
added 2018/11/29 12:0 a.m.5 views

Microstrategy Analytics Cross-Site Request Forgery Vulnerability

Microstrategy Analytics is a suite of enterprise data analytics platforms from Microstrategy, Inc. in the United States. The platform features data discovery, data visualization and report generation. A cross-site request forgery vulnerability exists in the main.aspx file in Microstrategy Analyti...

8.8CVSS8.8AI score0.00846EPSS
Exploits1References1
cnvd
cnvd
added 2018/11/02 12:0 a.m.4 views

Microstrategy Web Directory Traversal Vulnerability

MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A directory traversal vulnerability exists in Microstrategy Web 7 at "/WebMstr7/servlet/mstrWeb". A remote authenticated user can exploit this vulnerability to bypass expecte...

4.3CVSS4.8AI score0.19551EPSS
Exploits5References1
cnvd
cnvd
added 2018/11/02 12:0 a.m.5 views

Microstrategy Web Cross-Site Scripting Vulnerability

MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A cross-site scripting vulnerability exists in Microstrategy Web 7. The vulnerability stems from Microstrategy Web failing to adequately encode user-controlled input. The...

6.1CVSS5.9AI score0.02321EPSS
Exploits5References1
cnvd
cnvd
added 2018/11/02 12:0 a.m.5 views

Microstrategy Web Cross-Site Scripting Vulnerability (CNVD-2018-23268)

MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A cross-site scripting vulnerability exists in Microstrategy Web 7. The vulnerability stems from Microstrategy Web failing to adequately encode user-controlled input. An...

6.1CVSS5.9AI score0.06555EPSS
Exploits5References1
nvd
nvd
added 2018/11/01 5:29 p.m.16 views

CVE-2018-18775

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...

6.1CVSS6AI score0.06555EPSS
Exploits5References2
Rows per page
Query Builder