Skip to content
Authenticated XSS in Microstrategy Web - Versions prior to 10.1 patch 10
Branch: master
Clone or download
Latest commit e595c04 Jul 15, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md Update README.md Jul 15, 2019

README.md

CVE-2019-12453

CVE-2019-12453 Stored XSS in MicroStrategy Web prior to 10.1 patch 10

Author: undefinedmode https://github.com/undefinedmode/CVE-2019-12453

In MicroStrategy Web prior to version 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. The FLTB parameter is used throughout the application.

You can’t perform that action at this time.