CVE-2020-22986

CVE-2020-22986

EPSS 1.4%

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://microstrategy.com https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://tinyurl.com/https://www.microstrategy.com/us/report-a-security-vulnerability http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc