PT-2025-13669 · Knime+1 · Knime Business Hub+1
Published 2025-03-31 · Updated 2025-04-01
CVE-2025-3019
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
KNIME Business Hub versions prior to 1.12.4
KNIME Business Hub versions prior to 1.13.3
Description
The issue is caused by a bug in the widely used nuxt-security module, which leads to cross-site scripting vulnerabilities in KNIME Business Hub's web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary JavaScript may be executed with this user's permissions, potentially resulting in information loss and/or modification of existing data.
Recommendations
For versions prior to 1.12.4, update to version 1.12.4 or later.
For versions prior to 1.13.3, update to version 1.13.3 or later.
Fix
XSS
Affected Products
Knime Business Hub
Nuxt-Security