KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:AmberKnime Business Hub
APPKnime< 1.12.41.13.0 – 1.13.3 (bez)
Related vulnerabilities
A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except th...
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability whi...
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1....
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save job...
An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remot...