Eng: >> Knowage >> 6.1.4 Security Vulnerabilities
In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-28
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.
CVSS Score
8.8
EPSS Score
0.012
Published
2019-08-28
Page 2