Vulnerabilities > Microstrategy > Microstrategy WEB SDK

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2020-22984 Cross-site Scripting vulnerability in Microstrategy web SDK
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
network
low complexity
microstrategy CWE-79
6.1
6.1
2022-05-12 CVE-2020-22985 Cross-site Scripting vulnerability in Microstrategy web SDK
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
network
low complexity
microstrategy CWE-79
6.1
6.1
2022-05-12 CVE-2020-22986 Cross-site Scripting vulnerability in Microstrategy web SDK
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
network
low complexity
microstrategy CWE-79
6.1
6.1
2022-05-12 CVE-2020-22987 Cross-site Scripting vulnerability in Microstrategy web SDK
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
network
low complexity
microstrategy CWE-79
6.1
6.1