CVE-2019-12453

MEDIUM

MicroStrategy Web < 10.1 - Stored Cross-Site Scripting via FLTB Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12453. PoCs published by undefinedmode.

AI-analyzed exploit summary: The repository describes a stored XSS vulnerability in MicroStrategy Web prior to version 10.1 patch 10, where the FLTB parameter lacks input validation. The README provides a brief technical overview but lacks depth in exploitation details or code.

Description

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.

Exploits (1)

nomisec WRITEUP
by undefinedmode · poc
https://github.com/undefinedmode/CVE-2019-12453

Classification: Writeup 80%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: MicroStrategy Web prior to 10.1 patch 10
No auth needed
Prerequisites: Access to a vulnerable MicroStrategy Web instance
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026

References (2)

Core References
Third Party Advisory x_refsource_misc
https://github.com/undefinedmode/CVE-2019-12453

Scores

CVSS v3 6.1
EPSS 0.0098
EPSS Percentile 57.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
microstrategy/microstrategy_web < 10.1
Published Jul 19, 2019
Tracked Since Feb 18, 2026