| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHW+MaRYOT0yaWfaNOZbdMWx8ZL0mVccCtxvE7v8N2+phsznPg@mail.gmail.com> Date: Wed, 13 Nov 2019 13:01:23 +0300 From: Alphan YAVAS <alphan.yv@...il.com> To: fulldisclosure@...lists.org, bugtraq@...urityfocus.com Subject: Vulnerability Disclosure I. VULNERABILITY ------------------------- Reflected XSS due to lack of input filtering in MicroStrategy Library II. CVE REFERENCE ------------------------- Not Assigned yet III. VENDOR ------------------------- https://www.microstrategy.com/ IV. TIMELINE ------------------------- 05/07/2019 Vulnerability discovered 06/07/2019 Vendor contacted 06/09/2018 MicroStrategy Fix the vulnerability at the release V11.1.3 V. CREDIT ------------------------- Alphan Yavas from Biznet Bilisim A.S. VI. DESCRIPTION ------------------------- Reflected XSS due to lack of input filtering in MicroStrategy Library (before 11.1.3) which allow a remote attacker to conduct reflected cross-site scripting attacks.
Powered by blists - more mailing lists