Eng: >> Knowage >> 7.3.0 Security Vulnerabilities
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-05
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-04-05
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-05
Page 2