9 matches found
CVE-2021-31984
CVE-2021-31984 is a remote code execution vulnerability affecting Microsoft Power BI components (notably Power BI Report Server). The CVE entry is supported by multiple sources indicating an RCE risk in affected Power BI products, with the underlying issue tied to code execution paths in Power BI...
CVE-2019-1332
CVE-2019-1332 is an XSS in Microsoft SQL Server Reporting Services (SSRS) caused by inadequate sanitization of crafted web requests. Affected product: SSRS within SQL Server deployments. Impact per documentation: cross-site scripting could enable script execution in the context of the SSRS user. ...
CVE-2024-43612
CVE-2024-43612 affects Microsoft Power BI Report Server. The issue is described as a server-side spoofing vulnerability that could allow an attacker to impersonate a user and influence the user interface, potentially enabling remote code execution under the attacker’s context in some disclosures....
CVE-2021-41372
Summary of CVE-2021-41372 (Power BI Report Server) : A combination of XSS and CSRF vulnerabilities occurs when a Power BI Report Server Template file (pbix) containing HTML is uploaded and HTML is accessed by a victim. Root cause: insufficient sanitization of file uploads, enabling uploaded templ...
CVE-2021-26859
CVE-2021-26859 is a Microsoft Power BI Information Disclosure vulnerability affecting Power BI Report Server versions cited as affected: 15.0.1103.234 and 15.0.1104.300 (per CNNVD). The issue is described as an information disclosure caused by excessive data output by the application, enabling an...
CVE-2024-43481
CVE-2024-43481 affects Power BI Report Server with a spoofing vulnerability in the server UI. Affected component: Power BI Report Server; root cause details are not fully enumerated in the provided documents, but the issue is identified as a server spoofing vulnerability with high impact per CVSS...
CVE-2023-21806
CVE-2023-21806 is a spoofing vulnerability in Microsoft Power BI Report Server. Public sources indicate an authenticated, remote attacker could exploit it by deceiving a user into opening a malicious file on the server, enabling credential exposure or UI spoofing leading to privilege escalation. ...
CVE-2020-1173
CVE-2020-1173 : A spoofing vulnerability in Microsoft Power BI Report Server arises from improper validation of the content-type of uploaded attachments. An authenticated attacker could upload a specially crafted payload and execute scripts in the user’s security context, enabling user-interface ...
CVE-2026-21229
Power BI is affected by CVE-2026-21229 due to improper input validation, enabling an authorized attacker to execute code over a network. CVSS v3.1 base score 8.0 (High). Refer to Microsoft MSRC advisory for mitigations and updates.