226 matches found
CVE-2023-35154 Knowage-Server vulnerable to account validation bypass
Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...
PT-2023-25172 · Knowage · Knowage
Name of the Vulnerable Software and Affected Versions: Knowage versions 6.0.0 through 8.1.7 Description: The issue allows an attacker to register and activate their account without having to click on the link included in the email, giving them access to the application as a normal user...
Knowage 授权问题漏洞
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage Italy. An authorization issue vulnerability exists in Knowage versions prior to 6.0.0 to 8.1.8, which stems from an account authentication bypass issue...
CVE-2022-39295
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...
Cross site scripting
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...
CVE-2022-39295 Improper Neutralization of Alternate XSS Syntax in Knowage-Server
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...
CVE-2022-39295
CVE-2022-39295 affects Knowage-Server (KnowageLabs) 6.x and earlier, with vulnerable versions prior to 7.4.22, 8.0.9, and 8.1.0. The issue is a cross-site scripting vulnerability where the XSSRequestWrapper.stripXSS method can be bypassed. Patches are available in 7.4.22, 8.0.9, and 8.1.0. No pub...
CVE-2022-39295 Improper Neutralization of Alternate XSS Syntax in Knowage-Server
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...
Knowage 跨站脚本漏洞
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A security vulnerability exists in Knowage versions 6.xx series, versions prior to 7.4.22, versions prior to 8.0.9, and versions prior to 8.1.0, which can be exploited by an...
CVE-2022-39295 Improper Neutralization of Alternate XSS Syntax in Knowage-Server
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...
Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34490)
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "name" parameter...
Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34492)
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "nota" parameter...
Knowage Code Execution Vulnerability
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A security vulnerability exists in Knowage Suite version 7.3. The vulnerability stems from the program's tendency to store client templates in...
Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34493)
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...
CVE-2021-30212
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...
CVE-2021-30211
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...
CVE-2021-30213
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...
CVE-2021-30212
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...
CVE-2021-30213
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...