CVE-2021-30214

Name of the Vulnerable Software and Affected Versions Knowage Suite version 7.3

Description The issue concerns Stored Client-Side Template Injection. It affects the '/knowage/restful-services/signup/update' endpoint via the name parameter.

Recommendations For Knowage Suite version 7.3, consider disabling access to the '/knowage/restful-services/signup/update' endpoint until a patch is available. As a temporary workaround, restrict the use of the name parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.