ByteOS Network

NVD Vulnerability Details :

CVE-2020-22987

Modified

Source-cve@mitre.org

Published At-12 May, 2022 | 20:15

Updated At-07 Nov, 2023 | 03:19

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

microstrategy>>microstrategy_web_sdk>>Versions up to 10.11(inclusive)

cpe:2.3:a:microstrategy:microstrategy_web_sdk:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://microstrategy.com	cve@mitre.org	Product
http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc	cve@mitre.org	Broken Link
https://medium.com/%40win3zz/simple-story-of-some-complicated-xss-on-facebook-8a9c0d80969d	cve@mitre.org	N/A
https://www.microstrategy.com/us/report-a-security-vulnerability	cve@mitre.org	Vendor Advisory