Unrated severityNVD Advisory· Published Mar 31, 2025· Updated Mar 31, 2025
Cross-site scripting vulnerabilities in KNIME Business Hub web pages
CVE-2025-3019
Description
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module.
There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub:
- 1.13.3 or later
- 1.12.4 or later
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=1.12.4, <1.13.3+ 1 more
- (no CPE)range: >=1.12.4, <1.13.3
- (no CPE)range: 1.13.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.