Lucene search


6 matches found

CVE
added 2021/05/12 5:15 p.m., 53 views

CVE-2021-30213

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.

CVSS 6.1 | AI score 6 | EPSS 0.0257

CVE
added 2022/10/13 11:15 p.m., 53 views

CVE-2022-39295

Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be bypas...

CVSS 6.1 | AI score 6 | EPSS 0.00076

CVE
added 2021/04/05 11:15 a.m., 34 views

CVE-2021-30058

Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.

CVSS 6.1 | AI score 6 | EPSS 0.00293

CVE
added 2018/06/13 11:29 p.m., 32 views

CVE-2018-12355

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.

CVSS 6.1 | AI score 5.9 | EPSS 0.0023

CVE
added 2019/08/28 4:15 p.m., 28 views

CVE-2019-13189

In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.

CVSS 6.1 | AI score 5.9 | EPSS 0.0021

CVE
added 2023/07/03 7:15 p.m., 24 views

CVE-2023-36819

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint _/knowage/restful-services/dossier/importTemplateFile_ allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch ...

CVSS 6.5 | AI score 6.2 | EPSS 0.00126