Arbitrary Code Execution via XSS Vulnerability in MicroStrategy Web SDK

Arbitrary Code Execution via XSS Vulnerability in MicroStrategy Web SDK

CVE-2020-22986 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.

Learn more about our Web App Pen Testing.