Eng ≫ Knowage

In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.