Cross site scripting

Knowage Suite before 7.4 is vulnerable to cross-site scripting XSS. An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBIHOST' parameter...