CVE-2021-30213 Scanner
CVE-2021-30213 scanner - Cross-Site Scripting (XSS) vulnerability in Knowage Suite
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: URL
Toolbox: -
Knowage Suite is an open-source business intelligence suite intended to enhance data analysis and visualization for organizations. This product provides features such as data access, advanced statistical analyses and reporting tools to achieve optimal business results. Knowage Suite allows its users to integrate business data from various sources and visualize it through customized reports and analytics.
Recently, a vulnerability was found in Knowage Suite version 7.3 and designated CVE-2021-30213. It is an unauthenticated reflected cross-site scripting (XSS) vulnerability: script can be injected through the 'targetService' parameter of '/servlet/AdapterHTTP'. An attacker can easily exploit this vulnerability to insert arbitrary web scripts to steal user data and credentials.
When a user clicks through to a page carrying the malicious injected script, the script executes within the user's browser. This execution gives access to the user's session or to sensitive information stored in cookies, allowing the attacker to exploit the victim's account. In addition, the vulnerability could be used to launch further attacks through the compromised user's account.
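For defenders reviewing web server logs, the following added example (not code from this page or from the Knowage project) flags requests to '/servlet/AdapterHTTP' whose 'targetService' value decodes to HTML markup characters, including double-encoded values. The combined log format, the '/knowage' context path, the value 'HOME' and all sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoint and parameter named in the vulnerability description.
ENDPOINT_SUFFIX = "/servlet/AdapterHTTP"
PARAM = "targetService"
# Characters needed to break out of an HTML attribute or element context.
MARKUP = re.compile("[<>\"']")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses, paths and values are illustrative.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2021:10:00:01 +0000] "GET /knowage/servlet/AdapterHTTP?targetService=HOME HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/May/2021:10:00:07 +0000] "GET /knowage/servlet/AdapterHTTP?targetService=%22%3E%3Csvg%3E HTTP/1.1" 200 733',
    '203.0.113.9 - - [10/May/2021:10:00:09 +0000] "GET /knowage/servlet/AdapterHTTP?targetService=%253Cb%253E HTTP/1.1" 200 733',
    '198.51.100.2 - - [10/May/2021:10:00:12 +0000] "GET /knowage/other?targetService=%3Cb%3E HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for flagged targetService values."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(ENDPOINT_SUFFIX):
            continue  # only the endpoint named in the description is in scope
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)  # parse_qs already decoded one layer
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM} decodes to {value!r}")
```

A hit shows that markup reached the endpoint, not that it was reflected; confirm against the deployed Knowage version before treating it as an incident.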
Thanks to the pro features of the s4e.io platform, readers of this article can quickly and easily gain knowledge of the security vulnerabilities in their digital assets. With s4e.io, it is now possible to protect businesses against unforeseeable risks by staying up to date on potential threats and getting access to expert advice and security tools. Using the platform can ensure businesses maintain secure operations while enhancing confidence and preventing financial loss caused by cyber threats.