Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for microstrategy_web_sdk by microstrategy
CVE-2020-22985 (GCVE-0-2020-22985)
Vulnerability from cvelistv5 – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51
VLAI
Summary
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://microstrategy.com | x_refsource_MISC |
| http://www.yourcompany.com:8080/MicroStrategy/ser… | x_refsource_MISC |
| https://www.microstrategy.com/us/report-a-securit… | x_refsource_MISC |
| https://medium.com/%40win3zz/simple-story-of-some… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:58:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://microstrategy.com",
"refsource": "MISC",
"url": "http://microstrategy.com"
},
{
"name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
"refsource": "MISC",
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
"refsource": "MISC",
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
"refsource": "MISC",
"url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22985",
"datePublished": "2022-05-12T19:58:23.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:51:11.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22986 (GCVE-0-2020-22986)
Vulnerability from cvelistv5 – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51
VLAI
Summary
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://microstrategy.com | x_refsource_MISC |
| http://www.yourcompany.com:8080/MicroStrategy/ser… | x_refsource_MISC |
| https://tinyurl.com/ | x_refsource_MISC |
| https://www.microstrategy.com/us/report-a-securit… | x_refsource_MISC |
| https://medium.com/%40win3zz/simple-story-of-some… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tinyurl.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:58:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tinyurl.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://microstrategy.com",
"refsource": "MISC",
"url": "http://microstrategy.com"
},
{
"name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
"refsource": "MISC",
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"name": "https://tinyurl.com/",
"refsource": "MISC",
"url": "https://tinyurl.com/"
},
{
"name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
"refsource": "MISC",
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
"refsource": "MISC",
"url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22986",
"datePublished": "2022-05-12T19:58:15.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:51:11.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22987 (GCVE-0-2020-22987)
Vulnerability from cvelistv5 – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51
VLAI
Summary
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://microstrategy.com | x_refsource_MISC |
| http://www.yourcompany.com:8080/MicroStrategy/ser… | x_refsource_MISC |
| https://www.microstrategy.com/us/report-a-securit… | x_refsource_MISC |
| https://medium.com/%40win3zz/simple-story-of-some… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:10.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:58:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://microstrategy.com",
"refsource": "MISC",
"url": "http://microstrategy.com"
},
{
"name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
"refsource": "MISC",
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
"refsource": "MISC",
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
"refsource": "MISC",
"url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22987",
"datePublished": "2022-05-12T19:58:03.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:51:10.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22984 (GCVE-0-2020-22984)
Vulnerability from cvelistv5 – Published: 2022-05-12 19:57 – Updated: 2024-08-04 14:51
VLAI
Summary
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://microstrategy.com | x_refsource_MISC |
| http://www.yourcompany.com:8080/MicroStrategy/ser… | x_refsource_MISC |
| https://www.microstrategy.com/us/report-a-securit… | x_refsource_MISC |
| https://medium.com/%40win3zz/simple-story-of-some… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:57:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://microstrategy.com",
"refsource": "MISC",
"url": "http://microstrategy.com"
},
{
"name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
"refsource": "MISC",
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
"refsource": "MISC",
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
"refsource": "MISC",
"url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22984",
"datePublished": "2022-05-12T19:57:58.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:51:11.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22985 (GCVE-0-2020-22985)
Vulnerability from nvd – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51
VLAI
Summary
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://microstrategy.com | x_refsource_MISC |
| http://www.yourcompany.com:8080/MicroStrategy/ser… | x_refsource_MISC |
| https://www.microstrategy.com/us/report-a-securit… | x_refsource_MISC |
| https://medium.com/%40win3zz/simple-story-of-some… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:58:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://microstrategy.com",
"refsource": "MISC",
"url": "http://microstrategy.com"
},
{
"name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
"refsource": "MISC",
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
"refsource": "MISC",
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
"refsource": "MISC",
"url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22985",
"datePublished": "2022-05-12T19:58:23.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:51:11.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22986 (GCVE-0-2020-22986)
Vulnerability from nvd – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51
VLAI
Summary
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://microstrategy.com | x_refsource_MISC |
| http://www.yourcompany.com:8080/MicroStrategy/ser… | x_refsource_MISC |
| https://tinyurl.com/ | x_refsource_MISC |
| https://www.microstrategy.com/us/report-a-securit… | x_refsource_MISC |
| https://medium.com/%40win3zz/simple-story-of-some… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tinyurl.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:58:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tinyurl.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://microstrategy.com",
"refsource": "MISC",
"url": "http://microstrategy.com"
},
{
"name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
"refsource": "MISC",
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"name": "https://tinyurl.com/",
"refsource": "MISC",
"url": "https://tinyurl.com/"
},
{
"name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
"refsource": "MISC",
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
"refsource": "MISC",
"url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22986",
"datePublished": "2022-05-12T19:58:15.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:51:11.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22987 (GCVE-0-2020-22987)
Vulnerability from nvd – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51
VLAI
Summary
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://microstrategy.com | x_refsource_MISC |
| http://www.yourcompany.com:8080/MicroStrategy/ser… | x_refsource_MISC |
| https://www.microstrategy.com/us/report-a-securit… | x_refsource_MISC |
| https://medium.com/%40win3zz/simple-story-of-some… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:10.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:58:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://microstrategy.com",
"refsource": "MISC",
"url": "http://microstrategy.com"
},
{
"name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
"refsource": "MISC",
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
"refsource": "MISC",
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
"refsource": "MISC",
"url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22987",
"datePublished": "2022-05-12T19:58:03.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:51:10.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22984 (GCVE-0-2020-22984)
Vulnerability from nvd – Published: 2022-05-12 19:57 – Updated: 2024-08-04 14:51
VLAI
Summary
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://microstrategy.com | x_refsource_MISC |
| http://www.yourcompany.com:8080/MicroStrategy/ser… | x_refsource_MISC |
| https://www.microstrategy.com/us/report-a-securit… | x_refsource_MISC |
| https://medium.com/%40win3zz/simple-story-of-some… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:11.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:57:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://microstrategy.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://microstrategy.com",
"refsource": "MISC",
"url": "http://microstrategy.com"
},
{
"name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
"refsource": "MISC",
"url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
},
{
"name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
"refsource": "MISC",
"url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
},
{
"name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
"refsource": "MISC",
"url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22984",
"datePublished": "2022-05-12T19:57:58.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:51:11.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}