Vulnerabilities > Microstrategy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-02 | CVE-2020-11451 | Unrestricted Upload of File with Dangerous Type vulnerability in Microstrategy web 10.1/10.4/7 The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. | 7.2 |
| 2020-04-02 | CVE-2020-11450 | Unspecified vulnerability in Microstrategy web Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. | 7.5 |
| 2019-11-14 | CVE-2019-18957 | Cross-site Scripting vulnerability in Microstrategy Library Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | 6.1 |
| 2019-07-19 | CVE-2019-12453 | Cross-site Scripting vulnerability in Microstrategy web 10.1/7 In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. | 6.1 |
| 2019-07-17 | CVE-2019-12475 | Cross-site Scripting vulnerability in Microstrategy web 10.1/10.4/7 In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. | 6.1 |
| 2019-05-14 | CVE-2018-6885 | Path Traversal vulnerability in Microstrategy web Services An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. | 9.8 |
| 2018-12-28 | CVE-2018-18696 | Cross-Site Request Forgery (CSRF) vulnerability in Microstrategy 10.4/10.4.0026.0049/9.2.1 main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. | 8.8 |
| 2018-11-01 | CVE-2018-18777 | Path Traversal vulnerability in Microstrategy web 7 Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. | 4.3 |
| 2018-11-01 | CVE-2018-18776 | Cross-site Scripting vulnerability in Microstrategy web 7 Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. | 6.1 |
| 2018-11-01 | CVE-2018-18775 | Cross-site Scripting vulnerability in Microstrategy web 7 Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. | 6.1 |