Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2020-22987 (GCVE-0-2020-22987)

Vulnerability from nvd – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51

Summary

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

4 references

URL	Tags
http://microstrategy.com	x_refsource_MISC
http://www.yourcompany.com:8080/MicroStrategy/ser…	x_refsource_MISC
https://www.microstrategy.com/us/report-a-securit…	x_refsource_MISC
https://medium.com/%40win3zz/simple-story-of-some…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:10.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://microstrategy.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T19:58:03.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://microstrategy.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://microstrategy.com",
              "refsource": "MISC",
              "url": "http://microstrategy.com"
            },
            {
              "name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
              "refsource": "MISC",
              "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
            },
            {
              "name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
              "refsource": "MISC",
              "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
            },
            {
              "name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
              "refsource": "MISC",
              "url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22987",
    "datePublished": "2022-05-12T19:58:03.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:10.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-22986 (GCVE-0-2020-22986)

Vulnerability from nvd – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51

Summary

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

5 references

URL	Tags
http://microstrategy.com	x_refsource_MISC
http://www.yourcompany.com:8080/MicroStrategy/ser…	x_refsource_MISC
https://tinyurl.com/	x_refsource_MISC
https://www.microstrategy.com/us/report-a-securit…	x_refsource_MISC
https://medium.com/%40win3zz/simple-story-of-some…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:11.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://microstrategy.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tinyurl.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T19:58:15.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://microstrategy.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tinyurl.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22986",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://microstrategy.com",
              "refsource": "MISC",
              "url": "http://microstrategy.com"
            },
            {
              "name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
              "refsource": "MISC",
              "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
            },
            {
              "name": "https://tinyurl.com/",
              "refsource": "MISC",
              "url": "https://tinyurl.com/"
            },
            {
              "name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
              "refsource": "MISC",
              "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
            },
            {
              "name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
              "refsource": "MISC",
              "url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22986",
    "datePublished": "2022-05-12T19:58:15.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:11.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-22985 (GCVE-0-2020-22985)

Vulnerability from nvd – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51

Summary

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

4 references

URL	Tags
http://microstrategy.com	x_refsource_MISC
http://www.yourcompany.com:8080/MicroStrategy/ser…	x_refsource_MISC
https://www.microstrategy.com/us/report-a-securit…	x_refsource_MISC
https://medium.com/%40win3zz/simple-story-of-some…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:11.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://microstrategy.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T19:58:23.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://microstrategy.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22985",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://microstrategy.com",
              "refsource": "MISC",
              "url": "http://microstrategy.com"
            },
            {
              "name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
              "refsource": "MISC",
              "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
            },
            {
              "name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
              "refsource": "MISC",
              "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
            },
            {
              "name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
              "refsource": "MISC",
              "url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22985",
    "datePublished": "2022-05-12T19:58:23.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:11.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-22984 (GCVE-0-2020-22984)

Vulnerability from nvd – Published: 2022-05-12 19:57 – Updated: 2024-08-04 14:51

Summary

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

4 references

URL	Tags
http://microstrategy.com	x_refsource_MISC
http://www.yourcompany.com:8080/MicroStrategy/ser…	x_refsource_MISC
https://www.microstrategy.com/us/report-a-securit…	x_refsource_MISC
https://medium.com/%40win3zz/simple-story-of-some…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:11.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://microstrategy.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T19:57:58.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://microstrategy.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://microstrategy.com",
              "refsource": "MISC",
              "url": "http://microstrategy.com"
            },
            {
              "name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
              "refsource": "MISC",
              "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
            },
            {
              "name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
              "refsource": "MISC",
              "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
            },
            {
              "name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
              "refsource": "MISC",
              "url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22984",
    "datePublished": "2022-05-12T19:57:58.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:11.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-22985 (GCVE-0-2020-22985)

Vulnerability from cvelistv5 – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51

Summary

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

4 references

URL	Tags
http://microstrategy.com	x_refsource_MISC
http://www.yourcompany.com:8080/MicroStrategy/ser…	x_refsource_MISC
https://www.microstrategy.com/us/report-a-securit…	x_refsource_MISC
https://medium.com/%40win3zz/simple-story-of-some…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:11.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://microstrategy.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T19:58:23.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://microstrategy.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22985",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://microstrategy.com",
              "refsource": "MISC",
              "url": "http://microstrategy.com"
            },
            {
              "name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
              "refsource": "MISC",
              "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
            },
            {
              "name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
              "refsource": "MISC",
              "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
            },
            {
              "name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
              "refsource": "MISC",
              "url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22985",
    "datePublished": "2022-05-12T19:58:23.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:11.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-22986 (GCVE-0-2020-22986)

Vulnerability from cvelistv5 – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51

Summary

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

5 references

URL	Tags
http://microstrategy.com	x_refsource_MISC
http://www.yourcompany.com:8080/MicroStrategy/ser…	x_refsource_MISC
https://tinyurl.com/	x_refsource_MISC
https://www.microstrategy.com/us/report-a-securit…	x_refsource_MISC
https://medium.com/%40win3zz/simple-story-of-some…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:11.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://microstrategy.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tinyurl.com/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T19:58:15.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://microstrategy.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tinyurl.com/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22986",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://microstrategy.com",
              "refsource": "MISC",
              "url": "http://microstrategy.com"
            },
            {
              "name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
              "refsource": "MISC",
              "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
            },
            {
              "name": "https://tinyurl.com/",
              "refsource": "MISC",
              "url": "https://tinyurl.com/"
            },
            {
              "name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
              "refsource": "MISC",
              "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
            },
            {
              "name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
              "refsource": "MISC",
              "url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22986",
    "datePublished": "2022-05-12T19:58:15.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:11.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-22987 (GCVE-0-2020-22987)

Vulnerability from cvelistv5 – Published: 2022-05-12 19:58 – Updated: 2024-08-04 14:51

Summary

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

4 references

URL	Tags
http://microstrategy.com	x_refsource_MISC
http://www.yourcompany.com:8080/MicroStrategy/ser…	x_refsource_MISC
https://www.microstrategy.com/us/report-a-securit…	x_refsource_MISC
https://medium.com/%40win3zz/simple-story-of-some…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:10.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://microstrategy.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T19:58:03.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://microstrategy.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://microstrategy.com",
              "refsource": "MISC",
              "url": "http://microstrategy.com"
            },
            {
              "name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
              "refsource": "MISC",
              "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
            },
            {
              "name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
              "refsource": "MISC",
              "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
            },
            {
              "name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
              "refsource": "MISC",
              "url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22987",
    "datePublished": "2022-05-12T19:58:03.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:10.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-22984 (GCVE-0-2020-22984)

Vulnerability from cvelistv5 – Published: 2022-05-12 19:57 – Updated: 2024-08-04 14:51

Summary

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

4 references

URL	Tags
http://microstrategy.com	x_refsource_MISC
http://www.yourcompany.com:8080/MicroStrategy/ser…	x_refsource_MISC
https://www.microstrategy.com/us/report-a-securit…	x_refsource_MISC
https://medium.com/%40win3zz/simple-story-of-some…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:51:11.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://microstrategy.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T19:57:58.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://microstrategy.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-22984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://microstrategy.com",
              "refsource": "MISC",
              "url": "http://microstrategy.com"
            },
            {
              "name": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc",
              "refsource": "MISC",
              "url": "http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc"
            },
            {
              "name": "https://www.microstrategy.com/us/report-a-security-vulnerability",
              "refsource": "MISC",
              "url": "https://www.microstrategy.com/us/report-a-security-vulnerability"
            },
            {
              "name": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d",
              "refsource": "MISC",
              "url": "https://medium.com/@win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-22984",
    "datePublished": "2022-05-12T19:57:58.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:51:11.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Find a vulnerability

Search criteria

8 vulnerabilities found for microstrategy_web_sdk by microstrategy

CVE-2020-22987 (GCVE-0-2020-22987)

CVE-2020-22986 (GCVE-0-2020-22986)

CVE-2020-22985 (GCVE-0-2020-22985)

CVE-2020-22984 (GCVE-0-2020-22984)

CVE-2020-22985 (GCVE-0-2020-22985)

CVE-2020-22986 (GCVE-0-2020-22986)

CVE-2020-22987 (GCVE-0-2020-22987)

CVE-2020-22984 (GCVE-0-2020-22984)