CVE-2018-18775

MEDIUM EXPLOITED NUCLEI

Microstrategy Web - XSS

Title source: rule

Description

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.

Exploits (1)

exploitdb WORKING POC

by Rafael Pedrero · textwebappsjsp

https://www.exploit-db.com/exploits/45755

View Code ZIP pw:eip

Nuclei Templates (1)

Microstrategy Web 7 - Cross-Site Scripting

MEDIUMby 0x_Akoko

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45755/

Scores

CVSS v3 6.1

EPSS 0.1602

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-09-19

CWE

CWE-79

Status published

Products (1)

microstrategy/microstrategy_web 7

Published Nov 01, 2018

Tracked Since Feb 18, 2026