3 matches found
CVE-2022-26889
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page e.g., HTML Injection, XSS or bypass SPL safeguards for risky commands. The attack...
CVE-2022-26889 Path Traversal in search parameter results in external content injection
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page e.g., HTML Injection, XSS or bypass SPL safeguards for risky commands. The attack...
CVE-2022-26889
Splunk Enterprise before 8.1.2 is vulnerable to a path traversal flaw in the URI path used to load a relative resource within a web page. The root cause is lack of proper filtering of relative URL paths, enabling potential arbitrary content injection (HTML Injection, XSS) or bypass of SPL safegua...