Vulnerabilities > ENG > Knowage > 6.1.3

DATE CVE VULNERABILITY TITLE RISK
2019-08-28 CVE-2019-13348 Insufficiently Protected Credentials vulnerability in ENG Knowage
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.
network
low complexity
eng CWE-522
8.8
8.8
2019-08-28 CVE-2019-13189 Cross-site Scripting vulnerability in ENG Knowage
In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
network
low complexity
eng CWE-79
6.1
6.1