223 matches found
CVE-2021-30213
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...
Cross site scripting
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...
Cross site scripting
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...
Cross site scripting
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...
Design/Logic Flaw
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...
CVE-2021-30213
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...
CVE-2021-30213
Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary web script via the targetService parameter in the /servlet/AdapterHTTP endpoint. Impact, as described, could allow malicious scripts to run in the victim’s browser, p...
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection at /knowage/restful-services/signup/update through the name parameter. Root cause: the system stores client templates via the name parameter, enabling injection. Impact per sources is limited to client-side template manipula...
CVE-2021-30212
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...
CVE-2021-30212
CVE-2021-30212 affects Knowage Suite 7.3 and is a Stored Cross-Site Scripting (XSS) vulnerability. The exposed component is the RESTful service at /knowage/restful-services/documentnotes/saveNote, where an attacker can inject arbitrary web scripts via the nota parameter. The CVE details in the co...
CVE-2021-30211
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...
CVE-2021-30211
CVE-2021-30211 affects Knowage Suite 7.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the REST endpoint /knowage/restful-services/signup/update, exploitable via the surname parameter. The issue allows an attacker to inject arbitrary web scripts, potentially executed in victim...
Knowage 跨站脚本漏洞
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "name" parameter...
Knowage 跨站脚本漏洞
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...
Knowage 跨站脚本漏洞
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "nota" parameter...
Knowage 注入漏洞
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A security vulnerability exists in Knowage Suite version 7.3. The vulnerability stems from the program's tendency to store client templates in...
Knowage Cross-Site Scripting Vulnerability (CNVD-2021-26380)
Knowage is a suite of open source tools for modern business analytics. A reflective cross-site scripting vulnerability exists in Knowage versions prior to 7.4. The vulnerability can be exploited to inject arbitrary external scripts into /restful-services/publish via the 'EXECFROM' parameter, whic...
Knowage HTML Injection Vulnerability
Knowage is a suite of open source tools for modern business analytics. An HTML injection vulnerability exists in Knowage versions prior to 7.4. The vulnerability can be exploited to inject arbitrary HTML into "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...