2 matches found
CVE-2020-11450
MicroStrategy Web 10.4 is affected by an information disclosure vulnerability where JVM configuration, CPU architecture, installation folder, and other environment details are exposed via /MicroStrategyWS/happyaxis.jsp. The issue enables an attacker to learn about the application environment, whi...
CVE-2019-12475
CVE-2019-12475 affects MicroStrategy Web prior to 10.4.6, with a stored XSS in the metric caused by insufficient input validation. The vulnerability is described as a cross-site scripting issue that could occur in authenticated contexts, with CVSS v3.0 base score 6.1 (NETWORK, LOW ATTACKER PRS, U...