CVE-2020-22987

CVE-2020-22987

EPSS 1.4%

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://microstrategy.com https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d https://www.microstrategy.com/us/report-a-security-vulnerability http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc