Description
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later
Details
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| business-hub | 1.13.0 | 1.13.3 |
References
Similar Threats
- Medium CVE-2025-14262
- Medium CVE-2025-11239
- High CVE-2025-11240
- High CVE-2025-2402
- High CVE-2025-2787
Patch Gap Protection
Running software with known vulnerabilities?
BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.
Start Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.