CVE-2022-39295
Improper Neutralization of Alternate XSS Syntax in Knowage-Server
- Public Exploits: 1
- Exploited in Wild: -
Descriptions
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds.
SSVC
- Decision: Track*
Timeline
- 2022-09-02 CVE Reserved
- 2022-10-13 CVE Published
- 2025-04-22 CVE Updated
- 2025-04-22 First Exploit
- 2025-07-08 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-87: Improper Neutralization of Alternate XSS Syntax
References (2)
URL | Tag | Source
---|---|---
https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-f2gr-6h9j-rwcw | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Eng | Knowage | >= 6.1.0 < 7.4.22 | - | Affected
Eng | Knowage | >= 8.0.0 < 8.0.9 | - | Affected