3 matches found
CVE-2018-18775
The vulnerability CVE-2018-18775 affects Microstrategy Web 7, where Login.asp Msg parameter input is not sufficiently encoded, causing a Cross-Site Scripting (XSS). The NVD entry notes input encoding weaknesses leading to XSS with a base CVSS v3.0 score of 6.1 (Network, Low user interaction requi...
CVE-2018-18777
CVE-2018-18777 : MicroStrategy Web 7 is vulnerable to a directory traversal/local file inclusion via the parameter subpage of “/WebMstr7/servlet/mstrWeb”. Remote authenticated users can bypass SecurityManager restrictions and list a parent directory using “/..” in the pathname. Public references ...
CVE-2018-18776
CVE-2018-18776 concerns MicroStrategy Web 7, where an XSS vulnerability arises because input is not sufficiently encoded. The issue is exploitable via the admin/admin.asp ShowAll parameter, enabling a cross-site scripting attack. The product is deprecated, and multiple external sources (including...