Shodan
Vulnerabilities
Vulnerable Software
Eng:  Security Vulnerabilities
CVE-2021-30213
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
CVSS Score
6.1
EPSS Score
0.03
Published
2021-05-12
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-05-12
CVE-2021-30055
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-04-05
CVE-2021-30056
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-05
CVE-2021-30057
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-04-05
CVE-2021-30058
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-05
CVE-2013-6231
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script
CVSS Score
8.8
EPSS Score
0.357
Published
2020-01-10
CVE-2013-6234
Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload."
CVSS Score
8.0
EPSS Score
0.022
Published
2019-11-22
CVE-2019-13188
In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.
CVSS Score
9.8
EPSS Score
0.037
Published
2019-09-05
CVE-2019-13190
In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-09-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved