CVE-2022-39295
MEDIUMKnowage 6.1.0-7.4.21 - Cross-Site Scripting via XSSRequestWrapper Bypass
Title source: llmDescription
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds.
References (2)
Core 2
Core References
Scores
CVSS v3
6.1
EPSS
0.0053
EPSS Percentile
41.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-87
Status
published
Products (1)
eng/knowage
6.1.0 - 7.4.22
Published
Oct 13, 2022
Tracked Since
Feb 18, 2026