Knowage Suite prior to 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
eng knowage |
Vulmon