Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.
CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
CVSS: 4.9 | AI Score: 5.2 | EPSS: 0.001
In Knowage through 6.1.1, an unauthenticated user can enumerate valid usernames via the ChangePwdServlet page.
CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001