.. / CVE-2018-18775

Exploit for Microstrategy Web 7 - Cross-Site Scripting (CVE-2018-18775)

Description:

Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.

Nuclei Template

View the template here CVE-2018-18775.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-18775.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-18775
https://www.exploit-db.com/exploits/45755
https://github.com/ARPSyndicate/kenzer-templates
http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html