4 matches found
CVE-2020-22984
The CVE-2020-22984 entry concerns a Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier. The root cause is lack of filtering/escaping of the getGoogleExtraConfig parameter, allowing remote unauthenticated attackers to execute arbitrary code via the key parameter. A...
CVE-2020-22986
CVE-2020-22986 describes a cross-site scripting (XSS) vulnerability in MicroStrategy Web SDK, affecting version 10.11 and earlier. The issue arises from missing filtering and escaping of the searchString parameter in the wikiScrapper task, enabling remote unauthenticated attackers to execute arbi...
CVE-2020-22987
CVE-2020-22987 : A cross-site scripting (XSS) vulnerability exists in MicroStrategy Web SDK 10.11 and earlier. The issue stems from lack of filtering/escaping of the fileToUpload parameter used by the uploadFile task, enabling remote unauthenticated attackers to execute arbitrary code via that pa...
CVE-2020-22985
CVE-2020-22985 : Concrete details from multiple sources show a Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier. The flaw enables remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. Affected component ...