undefinedmode/CVE-2019-12453

Authenticated XSS in Microstrategy Web - Versions prior to 10.1 patch 10

CVE-2019-12453

CVE-2019-12453 Stored XSS in MicroStrategy Web prior to 10.1 patch 10

Author: undefinedmode https://github.com/undefinedmode/CVE-2019-12453

In MicroStrategy Web prior to version 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. The FLTB parameter is used throughout the application.