Knowage Suite 7.3 - Cross-Site Scripting

Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. id: CVE-2021-30213 info: name: Knowage Suite 7.3 - Cross-Site Scripting author: alph4byt3 severity:...

EUVD-2021-16999

Malware in sbrugna...

EUVD-2021-17146

Malware in sbrugna...

EUVD-2021-17144

Malware in sbrugna...

EUVD-2021-17143

Malware in sbrugna...

EUVD-2021-17000

Malware in sbrugna...

EUVD-2021-17145

Malware in sbrugna...

EUVD-2021-17001

Malware in sbrugna...

EUVD-2021-17002

Malware in sbrugna...

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

CVE-2021-30211

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...

CVE-2021-30212

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...

CVE-2021-30213

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...

CVE-2021-30057

A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...

CVE-2021-30056

Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting XSS. An attacker can inject arbitrary web script in /restful-services/publish via the 'EXECFROM' parameter that can lead to data leakage...

CVE-2021-30058

Knowage Suite before 7.4 is vulnerable to cross-site scripting XSS. An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBIHOST' parameter...

CVE-2021-30055

A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'paryear' parameter when running a report...

Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34492)

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "nota" parameter...

Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34493)

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...

Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34490)

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "name" parameter...