Vulnerabilities > Microstrategy > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-05-12 | CVE-2020-22984 | Cross-site Scripting vulnerability in Microstrategy web SDK | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getGoogleExtraConfig task. | 6.1 |
2022-05-12 | CVE-2020-22985 | Cross-site Scripting vulnerability in Microstrategy web SDK | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. | 6.1 |
2022-05-12 | CVE-2020-22986 | Cross-site Scripting vulnerability in Microstrategy web SDK | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. | 6.1 |
2022-05-12 | CVE-2020-22987 | Cross-site Scripting vulnerability in Microstrategy web SDK | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. | 6.1 |
2020-11-24 | CVE-2020-24815 | Server-Side Request Forgery (SSRF) vulnerability in Microstrategy 10.4/2019/2020 | A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. | 4.0 |
2020-04-02 | CVE-2020-11453 | Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web 10.4 | Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. | 5.3 |
2020-04-02 | CVE-2020-11452 | Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web 10.1/10.4/7 | Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. | 4.0 |
2020-04-02 | CVE-2020-11451 | Unrestricted Upload of File with Dangerous Type vulnerability in Microstrategy web 10.1/10.4/7 | The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. | 6.5 |
2020-04-02 | CVE-2020-11450 | Unspecified vulnerability in Microstrategy web | Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. | 5.0 |
2019-11-14 | CVE-2019-18957 | Cross-site Scripting vulnerability in Microstrategy Library | Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | 4.3 |