01642 06 11 11 Arrange Call

Arbitrary Code Execution via XSS Vulnerability in MicroStrategy Web SDK

CVE-2020-22987 · MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2020-22987

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.

Learn more about our Web App Pen Testing.