CVE-2018-18775

Name of the Vulnerable Software and Affected Versions Microstrategy Web version 7

Description The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This can be exploited via the Msg parameter in the "Login.asp" endpoint. It is noted that Microstrategy Web is a deprecated product.

Recommendations For version 7, consider restricting access to the Msg parameter in the Login.asp endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the Msg parameter until a fix is available or the product is replaced with a non-deprecated version.