Vulnerability Disclosure

From: Alphan YAVAS <alphan.yv@gmail.com>
To: fulldisclosure@seclists.org,bugtraq@securityfocus.com
Cc:
Subject: Vulnerability Disclosure
Date:


I. VULNERABILITY
-------------------------
Reflected XSS due to lack of input filtering in MicroStrategy Library

II. CVE REFERENCE
-------------------------
Not Assigned yet

III. VENDOR
-------------------------
https://www.microstrategy.com/

IV. TIMELINE
-------------------------
05/07/2019 Vulnerability discovered
06/07/2019 Vendor contacted
06/09/2018 MicroStrategy Fix the vulnerability at the release V11.1.3

V. CREDIT
-------------------------
Alphan Yavas from Biznet Bilisim A.S.

VI. DESCRIPTION
-------------------------
Reflected XSS due to lack of input filtering in MicroStrategy Library
(before 11.1.3) which allow a remote attacker to conduct reflected
cross-site scripting attacks.





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.