CVE-2021-30058
Published
CVSS v3
6.1
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT
Description
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.
As a result of researching bugs, I often come across new and interesting vulnerabilities. I finally decided to create a centralized repository for proof of concepts. Everything is sorted by vendor with subdirectories for each product.
GitHub