RSS   Vulnerabilities for 'Knowage'   RSS

2021-05-12
 
CVE-2021-30211

CWE-79
 

 
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter.

 
 
CVE-2021-30212

CWE-79
 

 
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter.

 
 
CVE-2021-30213

CWE-79
 

 
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.

 
 
CVE-2021-30214

CWE-74
 

 
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.

 
2021-04-05
 
CVE-2021-30058

CWE-79
 

 
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.

 
 
CVE-2021-30057

CWE-74
 

 
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.

 
 
CVE-2021-30056

CWE-79
 

 
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.

 
 
CVE-2021-30055

CWE-89
 

 
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.

 
2019-09-05
 
CVE-2019-13188

CWE-284
 

 
In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.

 
 
CVE-2019-13190

CWE-287
 

 
In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page.

 


Copyright 2024, cxsecurity.com

 

Back to Top