Lucene search
K

223 matches found

NVD
NVD
added 2021/05/12 5:15 p.m.23 views

CVE-2021-30213

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...

6.1CVSS0.02721EPSS
Exploits1References1
NVD
NVD
added 2021/05/12 5:15 p.m.17 views

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

5.4CVSS0.23795EPSS
Exploits1References1
Prion
Prion
added 2021/05/12 5:15 p.m.17 views

Cross site scripting

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...

3.5CVSS5.2AI score0.00499EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/05/12 5:15 p.m.12 views

Cross site scripting

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...

3.5CVSS5.2AI score0.00581EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/05/12 5:15 p.m.16 views

Cross site scripting

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...

4.3CVSS6AI score0.02721EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/05/12 5:15 p.m.13 views

Design/Logic Flaw

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

3.5CVSS5.7AI score0.23795EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/12 4:19 p.m.20 views

CVE-2021-30213

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...

6.2AI score0.02721EPSS
Exploits1References1
CVE
CVE
added 2021/05/12 4:19 p.m.83 views

CVE-2021-30213

Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary web script via the targetService parameter in the /servlet/AdapterHTTP endpoint. Impact, as described, could allow malicious scripts to run in the victim’s browser, p...

6.1CVSS6AI score0.02721EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/12 4:18 p.m.21 views

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

5.9AI score0.23795EPSS
Exploits1References1
CVE
CVE
added 2021/05/12 4:18 p.m.59 views

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection at /knowage/restful-services/signup/update through the name parameter. Root cause: the system stores client templates via the name parameter, enabling injection. Impact per sources is limited to client-side template manipula...

5.4CVSS5.6AI score0.23795EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/12 4:14 p.m.20 views

CVE-2021-30212

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...

5.4AI score0.00581EPSS
Exploits1References1
CVE
CVE
added 2021/05/12 4:14 p.m.66 views

CVE-2021-30212

CVE-2021-30212 affects Knowage Suite 7.3 and is a Stored Cross-Site Scripting (XSS) vulnerability. The exposed component is the RESTful service at /knowage/restful-services/documentnotes/saveNote, where an attacker can inject arbitrary web scripts via the nota parameter. The CVE details in the co...

5.4CVSS5.2AI score0.00581EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/12 4:12 p.m.18 views

CVE-2021-30211

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...

5.4AI score0.00499EPSS
Exploits0References1
CVE
CVE
added 2021/05/12 4:12 p.m.73 views

CVE-2021-30211

CVE-2021-30211 affects Knowage Suite 7.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the REST endpoint /knowage/restful-services/signup/update, exploitable via the surname parameter. The issue allows an attacker to inject arbitrary web scripts, potentially executed in victim...

5.4CVSS5.2AI score0.00499EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/05/12 12:0 a.m.4 views

Knowage 跨站脚本漏洞

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "name" parameter...

5.4CVSS5.4AI score0.00499EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/12 12:0 a.m.5 views

Knowage 跨站脚本漏洞

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...

6.1CVSS5.4AI score0.02721EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/05/12 12:0 a.m.5 views

Knowage 跨站脚本漏洞

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "nota" parameter...

5.4CVSS5.4AI score0.00581EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/05/12 12:0 a.m.5 views

Knowage 注入漏洞

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A security vulnerability exists in Knowage Suite version 7.3. The vulnerability stems from the program's tendency to store client templates in...

5.4CVSS5.6AI score0.23795EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/06 12:0 a.m.7 views

Knowage Cross-Site Scripting Vulnerability (CNVD-2021-26380)

Knowage is a suite of open source tools for modern business analytics. A reflective cross-site scripting vulnerability exists in Knowage versions prior to 7.4. The vulnerability can be exploited to inject arbitrary external scripts into /restful-services/publish via the 'EXECFROM' parameter, whic...

5.4CVSS6.1AI score0.00616EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/06 12:0 a.m.8 views

Knowage HTML Injection Vulnerability

Knowage is a suite of open source tools for modern business analytics. An HTML injection vulnerability exists in Knowage versions prior to 7.4. The vulnerability can be exploited to inject arbitrary HTML into "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...

4.8CVSS6.9AI score0.0066EPSS
Exploits1References1
Rows per page
Query Builder