[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Vulnerability Disclosure and CVE assign

To: fulldisclosure@xxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [FD] Vulnerability Disclosure and CVE assign
From: Alphan YAVAS <alphan.yv@xxxxxxxxx>
Date: Thu, 14 Nov 2019 09:49:24 +0300

I. VULNERABILITY
-------------------------
Reflected XSS due to lack of input filtering in MicroStrategy Library

II. CVE REFERENCE
-------------------------
CVE-2019-18957

III. VENDOR
-------------------------
https://www.microstrategy.com/

IV. TIMELINE
-------------------------
05/07/2019 Vulnerability discovered
06/07/2019 Vendor contacted
06/09/2018 MicroStrategy Fix the vulnerability at the release V11.1.3

V. CREDIT
-------------------------
Alphan Yavas from Biznet Bilisim A.S.

VI. DESCRIPTION
-------------------------
Reflected XSS due to lack of input filtering in MicroStrategy Library
(before 11.1.3) which allow a remote attacker to conduct reflected
cross-site scripting attacks.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Minor security issue in punbb with SQLite
Next by Date: [FD] ScanGuard Antivirus (latest version) / Insecure Permissions
Previous by thread: [FD] Minor security issue in punbb with SQLite
Next by thread: [FD] ScanGuard Antivirus (latest version) / Insecure Permissions
Index(es):
- Date
- Thread