Unknown · Knowage Server · CVE-2022-39295
**Name of the Vulnerable Software and Affected Versions**
Knowage-Server versions 6.x through 7.4.21
Knowage-Server versions 8.0.0 through 8.0.8
Knowage-Server version 8.1.0 is not affected, but all versions prior to 8.1.0 are, so the full affected range is Knowage-Server versions 6.x through 8.0.8.
**Description**
Knowage is an open source suite for modern business analytics over big data systems. The software is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed.
**Recommendations**
For Knowage-Server versions 6.x through 7.4.21, update to version 7.4.22 or later.
For Knowage-Server versions 8.0.0 through 8.0.8, update to version 8.0.9 or later.
As a temporary workaround, consider disabling the `XSSRequestWrapper::stripXSS` method until a patch is available.