Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
knowage-suite knowage vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-30055
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.
Eng Knowage
8.8
CVSSv3
CVE-2018-12354
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
Knowage-suite Knowage 6.1.1
6.1
CVSSv3
CVE-2021-30213
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
Eng Knowage 7.3.0
6.1
CVSSv3
CVE-2021-30058
Knowage Suite prior to 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.
Eng Knowage
6.1
CVSSv3
CVE-2018-12353
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.
Knowage-suite Knowage 6.1.1
5.4
CVSSv3
CVE-2021-30211
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter.
Eng Knowage 7.3.0
5.4
CVSSv3
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
Eng Knowage 7.3.0
5.4
CVSSv3
CVE-2021-30212
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter.
Eng Knowage 7.3.0
5.4
CVSSv3
CVE-2021-30056
Knowage Suite prior to 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.
Eng Knowage
5.3
CVSSv3
CVE-2019-14278
In Knowage up to and including 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page.
Knowage-suite Knowage
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »