KNIME Server – DOM-based XSS in a login panel
Affected versions: 4.13.3, 4.12.4, 4.11.5
Fixed versions: 4.13.4, 4.12.5, 4.12.6
Remediation: Update to KNIME Server version 4.13.4, 4.12.5, or 4.12.6
Impact: If the victim user is an administrator, the vulnerability could be used to create a new administrator.
Exploitation: An attacker has to craft a special URL and convince the victim to open it.
Authentication: No authentication is required to exploit the vulnerability; however, authenticated users can be targeted.
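The advisory does not say which DOM sink the login panel used, so the following is a generic illustration, added here and not KNIME's code: the pattern by which a crafted URL turns into DOM-based XSS (a URL parameter concatenated into HTML and handed to an HTML-interpreting sink), next to an escaping fix and a small log-review check. The parameter name `msg`, the host `knime.example` and the page layout are constructed assumptions; the DOM sink is modelled as a string so the code runs under Node without a browser.

```javascript
// Added example, not from the advisory or from KNIME. Models the generic
// DOM-based XSS pattern behind a "specially crafted URL" and its hardened form.
// The DOM sink (innerHTML / document.write) is represented by the returned
// HTML string, so this runs in plain Node.

// Read one query parameter; `new URL` decodes %xx escapes for us.
// The parameter name `msg` is an assumption for illustration.
function getParam(url, name) {
  return new URL(url).searchParams.get(name) ?? '';
}

// VULNERABLE pattern: untrusted URL data concatenated into markup. Whatever the
// string contains is parsed as HTML when it reaches innerHTML or document.write.
function renderNoticeUnsafe(url) {
  const msg = getParam(url, 'msg');
  return '<div class="notice">' + msg + '</div>';
}

// Minimal HTML escaper: every character that can open or close markup or
// break out of an attribute value is replaced by its entity.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// HARDENED pattern: escape before concatenation. In real DOM code the better
// choice is a text sink (el.textContent = msg), which never parses markup.
function renderNoticeSafe(url) {
  return '<div class="notice">' + escapeHtml(getParam(url, 'msg')) + '</div>';
}

// Review helper: flag request URLs whose parameter carries markup characters,
// e.g. when scanning web server access logs for attempts to abuse such a page.
function looksLikeMarkupInjection(url, name) {
  return /[<>"']/.test(getParam(url, name));
}

// Constructed sample URLs (host and parameter are not from the advisory).
const benignUrl  = 'https://knime.example/login?msg=Session%20expired';
const hostileUrl = 'https://knime.example/login?msg=%3Cb%3Ehi%3C%2Fb%3E';

console.log(renderNoticeUnsafe(hostileUrl)); // <div class="notice"><b>hi</b></div>
console.log(renderNoticeSafe(hostileUrl));   // <div class="notice">&lt;b&gt;hi&lt;/b&gt;</div>
console.log(looksLikeMarkupInjection(benignUrl, 'msg'), looksLikeMarkupInjection(hostileUrl, 'msg'));
```

The important detail is where the escaping happens: at the sink, on the browser side, because the server never sees the value in a purely DOM-based case (a fragment after `#` is not even sent to the server), so server-side filters and most WAFs cannot catch it.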