CVE-2019-12475
MEDIUM
MicroStrategy Web < 10.4.6 - Stored Cross-Site Scripting in Metric Input
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-12475. PoCs published by undefinedmode.
AI-analyzed exploit summary: This repository describes a stored XSS vulnerability in MicroStrategy Web prior to version 10.4.6, triggered via the Visual Threshold editor. The vulnerability was reported in 2017 and patched in version 10.4.6.
Description
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
Exploits (1)
nomisec
WRITEUP
by undefinedmode · poc
https://github.com/undefinedmode/CVE-2019-12475
Classification
Writeup 80%
Attack Type
XSS
Complexity
Moderate
Reliability
Reliable
Target:
MicroStrategy Web < 10.4.6
Auth required
Prerequisites:
Access to MicroStrategy Web with privileges to edit metrics
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026
References (2)
Core References
Third Party Advisory x_refsource_misc
https://github.com/undefinedmode/CVE-2019-12475
Scores
CVSS v3
6.1
EPSS
0.0098
EPSS Percentile
57.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
microstrategy/microstrategy_web
< 10.4.6
Published
Jul 17, 2019
Tracked Since
Feb 18, 2026