Skip to content
Authenticated XSS in Microstrategy Web - Versions prior to 10.1 patch 10
Branch: master
Clone or download
Latest commit e595c04 Jul 15, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information. Update Jul 15, 2019


CVE-2019-12453 Stored XSS in MicroStrategy Web prior to 10.1 patch 10

Author: undefinedmode

In MicroStrategy Web prior to version 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. The FLTB parameter is used throughout the application.

You can’t perform that action at this time.