Eng: >> Knowage >> 6.1.5 Security Vulnerabilities
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-04-05
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-05
In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.
CVSS Score
9.8
EPSS Score
0.04
Published
2019-09-05
In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-28
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.
CVSS Score
8.8
EPSS Score
0.011
Published
2019-08-28
Page 2