Cross-Site Scripting (XSS) Vulnerability in Microstrategy Web 7 via admin/admin.asp ShowAll Parameter

Cross-Site Scripting (XSS) Vulnerability in Microstrategy Web 7 via admin/admin.asp ShowAll Parameter

CVE-2018-18776 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.

Learn more about our Web App Pen Testing.