CVE-2025-3019Cross-site Scripting in Business HUB

CWE-79Cross-site ScriptingCWE-416Use After Free4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 48.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Knime Business HUBKnime Business HUB
Timeline
PublishedMar 31

Description

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to u

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

NVDknime/business_hub1.13.01.13.3+1
CVEListV5knime/knime_business_hub1.13.01.13.3+1

🔴Vulnerability Details

2
GHSA
GHSA-4c3m-33r2-8r8w: KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages2025-03-31
CVEList
Cross-site scripting vulnerabilities in KNIME Business Hub web pages2025-03-31

📋Vendor Advisories

1
Microsoft
Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()2023-07-11
CVE-2025-3019 — Cross-site Scripting in Business HUB | cvebase