Power BI Report Server
by Microsoft
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21229 | 0.00 | — | 0.01 | Feb 10, 2026 | Improper input validation in Power BI allows an authorized attacker to execute code over a network. | |||
| CVE-2024-43612 | 0.00 | — | 0.01 | Oct 8, 2024 | Power BI Report Server Spoofing Vulnerability | |||
| CVE-2024-43481 | 0.00 | — | 0.02 | Oct 8, 2024 | Power BI Report Server Spoofing Vulnerability | |||
| CVE-2023-21806 | 0.00 | — | 0.01 | Feb 14, 2023 | Power BI Report Server Spoofing Vulnerability | |||
| CVE-2021-41372 | 0.00 | — | 0.01 | Nov 10, 2021 | A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities… | |||
| CVE-2020-1173 | 0.00 | — | 0.02 | May 21, 2020 | A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'. | |||
| CVE-2019-1332 | 0.00 | — | 0.07 | Dec 10, 2019 | A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. |
- CVE-2026-21229Feb 10, 2026risk 0.00cvss —epss 0.01
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
- CVE-2024-43612Oct 8, 2024risk 0.00cvss —epss 0.01
Power BI Report Server Spoofing Vulnerability
- CVE-2024-43481Oct 8, 2024risk 0.00cvss —epss 0.02
Power BI Report Server Spoofing Vulnerability
- CVE-2023-21806Feb 14, 2023risk 0.00cvss —epss 0.01
Power BI Report Server Spoofing Vulnerability
- CVE-2021-41372Nov 10, 2021risk 0.00cvss —epss 0.01
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities…
- CVE-2020-1173May 21, 2020risk 0.00cvss —epss 0.02
A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'.
- CVE-2019-1332Dec 10, 2019risk 0.00cvss —epss 0.07
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.