Knowage@* Security Vulnerabilities and Issues — Knowage@* CVE List

Lucene search

EngKnowage*

4 matches found

CVE•added 2021/04/05 11:15 a.m.•34 views

CVE-2021-30058

Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.

6.1CVSS6AI score0.00293EPSS

CVE•added 2021/04/05 11:15 a.m.•30 views

CVE-2021-30056

Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2021/04/05 11:15 a.m.•29 views

CVE-2021-30055

A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.

8.8CVSS8.9AI score0.00569EPSS

CVE•added 2021/04/05 11:15 a.m.•28 views

CVE-2021-30057

A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.

4.8CVSS5.2AI score0.00321EPSS