2 matches found
CVE-2019-14278
In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page...
CVE-2019-13189
In Knowage through 6.1.1, there is XSS via the starturl or userid field to the ChangePwdServlet page...