Antonio Scibilia

8 exploits Active since Apr 2021
CVE-2021-30055 WRITEUP HIGH WRITEUP
Knowage < 7.4 - SQL Injection via 'par_year' Parameter in Document Execution URL Analytics Driver
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.
CVSS 8.8
CVE-2021-30056 WRITEUP MEDIUM WRITEUP
Knowage Suite < 7.4 - Reflected Cross-Site Scripting via EXEC_FROM Parameter
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.
CVSS 5.4
CVE-2021-30057 WRITEUP MEDIUM WRITEUP
Knowage < 7.4 - Stored HTML Injection via LABEL and NAME Parameters
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
CVSS 4.8
CVE-2021-30058 WRITEUP MEDIUM WRITEUP
Knowage Suite < 7.4 - Cross-Site Scripting via SBI_HOST Parameter
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.
CVSS 6.1
CVE-2021-30211 WRITEUP MEDIUM WRITEUP
Knowage Suite 7.3 - Stored Cross-Site Scripting via Surname Parameter
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter.
CVSS 5.4
CVE-2021-30212 WRITEUP MEDIUM WRITEUP
Knowage Suite 7.3 - Stored Cross-Site Scripting via Document Notes 'nota' Parameter
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter.
CVSS 5.4
CVE-2021-30213 WRITEUP MEDIUM WRITEUP
Knowage Suite 7.3 - Unauthenticated Reflected Cross-Site Scripting via AdapterHTTP TargetService Parameter
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
CVSS 6.1
CVE-2021-30214 WRITEUP MEDIUM WRITEUP
Knowage Suite 7.3 - Stored Client-Side Template Injection via Name Parameter
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
CVSS 5.4