A cross-site scripting vulnerability exists in Knime, the Swiss companyβs enterprise software for putting data science workflows into production. knime stems from the lack of proper validation of client-side data by the WEB application, which can be exploited by attackers to execute client-side code.