EUVD-2023-36942

Malicious code in bioql PyPI...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2023-32715

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...

Design/Logic Flaw

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...

CVE-2023-32714

CVE-2023-32714 describes a path traversal vulnerability in the Splunk App for Lookup File Editing versions below 4.0.1 . A low-privileged user can send a specially crafted web request to trigger traversal and gain read/write access to restricted areas of the Splunk installation directory. Impact ...

CVE-2023-32714 Path Traversal in Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory...

CVE-2023-32715 Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...

CVE-2023-32715

CVE-2023-32715 affects Splunk App for Lookup File Editing versions before 4.0.1. The vulnerability is a reflected/Stored XSS scenario where a user can inject malicious JavaScript into the app, with the code executed in the victim’s browser. The underlying issue is that the app’s UI/output can be ...

CVE-2023-32715 Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...

PT-2023-7397 · Splunk · Splunk App For Lookup File Editing

Name of the Vulnerable Software and Affected Versions: Splunk App for Lookup File Editing versions prior to 4.0.1 Description: The issue allows a user to insert potentially malicious JavaScript code into the app, causing it to run on the user's machine. This does not require the app itself to...

PT-2023-8938 · Splunk · Splunk App For Lookup File Editing +1

Name of the Vulnerable Software and Affected Versions: Splunk App for Lookup File Editing versions prior to 4.0.1 Splunk Enterprise affected versions not specified Description: The issue is related to incorrect restriction of a directory path name with limited access. Exploitation may allow a...