Lucene search
+L

226 matches found

Cvelist
Cvelist
added 2023/06/23 8:20 p.m.24 views

CVE-2023-35154 Knowage-Server vulnerable to account validation bypass

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...

7.2CVSS7.1AI score0.0038EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.9 views

PT-2023-25172 · Knowage · Knowage

Name of the Vulnerable Software and Affected Versions: Knowage versions 6.0.0 through 8.1.7 Description: The issue allows an attacker to register and activate their account without having to click on the link included in the email, giving them access to the application as a normal user...

7.2CVSS6.3AI score0.0038EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.12 views

Knowage 授权问题漏洞

Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage Italy. An authorization issue vulnerability exists in Knowage versions prior to 6.0.0 to 8.1.8, which stems from an account authentication bypass issue...

7.2CVSS6.4AI score0.0038EPSS
Exploits0References2
NVD
NVD
added 2022/10/13 11:15 p.m.33 views

CVE-2022-39295

Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...

6.1CVSS0.00531EPSS
Exploits1References2
Prion
Prion
added 2022/10/13 11:15 p.m.20 views

Cross site scripting

Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...

5.8CVSS6AI score0.00531EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/10/13 12:0 a.m.46 views

CVE-2022-39295 Improper Neutralization of Alternate XSS Syntax in Knowage-Server

Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...

6.1CVSS6.2AI score0.00531EPSS
Exploits1References2
CVE
CVE
added 2022/10/13 12:0 a.m.68 views

CVE-2022-39295

CVE-2022-39295 affects Knowage-Server (KnowageLabs) 6.x and earlier, with vulnerable versions prior to 7.4.22, 8.0.9, and 8.1.0. The issue is a cross-site scripting vulnerability where the XSSRequestWrapper.stripXSS method can be bypassed. Patches are available in 7.4.22, 8.0.9, and 8.1.0. No pub...

6.1CVSS6AI score0.00531EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/13 12:0 a.m.13 views

CVE-2022-39295 Improper Neutralization of Alternate XSS Syntax in Knowage-Server

Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...

6.1CVSS6.2AI score0.00531EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/13 12:0 a.m.5 views

Knowage 跨站脚本漏洞

Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A security vulnerability exists in Knowage versions 6.xx series, versions prior to 7.4.22, versions prior to 8.0.9, and versions prior to 8.1.0, which can be exploited by an...

6.1CVSS6.3AI score0.00531EPSS
Exploits1References3
OSV
OSV
added 2022/10/13 12:0 a.m.36 views

CVE-2022-39295 Improper Neutralization of Alternate XSS Syntax in Knowage-Server

Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...

6.1CVSS5.9AI score0.00531EPSS
Exploits1References4
CNVD
CNVD
added 2021/05/14 12:0 a.m.6 views

Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34490)

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "name" parameter...

5.4CVSS6.3AI score0.00499EPSS
Exploits0
CNVD
CNVD
added 2021/05/14 12:0 a.m.8 views

Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34492)

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "nota" parameter...

5.4CVSS6.3AI score0.00581EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/14 12:0 a.m.9 views

Knowage Code Execution Vulnerability

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A security vulnerability exists in Knowage Suite version 7.3. The vulnerability stems from the program's tendency to store client templates in...

5.4CVSS6.9AI score0.23795EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/14 12:0 a.m.7 views

Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34493)

Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...

6.1CVSS6.2AI score0.02721EPSS
Exploits1References1
OSV
OSV
added 2021/05/12 5:15 p.m.4 views

CVE-2021-30212

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...

5.4CVSS6.2AI score0.00581EPSS
Exploits1References1
NVD
NVD
added 2021/05/12 5:15 p.m.14 views

CVE-2021-30211

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...

5.4CVSS0.00499EPSS
Exploits0References1
NVD
NVD
added 2021/05/12 5:15 p.m.23 views

CVE-2021-30213

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...

6.1CVSS0.02721EPSS
Exploits1References1
NVD
NVD
added 2021/05/12 5:15 p.m.19 views

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

5.4CVSS0.23795EPSS
Exploits1References1
NVD
NVD
added 2021/05/12 5:15 p.m.17 views

CVE-2021-30212

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...

5.4CVSS0.00581EPSS
Exploits1References1
OSV
OSV
added 2021/05/12 5:15 p.m.3 views

CVE-2021-30213

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...

6.1CVSS6.4AI score0.02721EPSS
Exploits1References1
Rows per page
Query Builder