10 matches found
Splunk Enterprise 8.2.9 / 9.0.2 Vulnerability Scanner
This is a scanner that checks if a Splunk Enterprise system is susceptible to CVE-2022-43571, an authenticated remote code execution vulnerability. The vulnerability exists due to insufficient input sanitization in SimpleXML dashboard style parameters such as lineColor or fillColor. When a...
Splunk Enterprise 8.2.9 / 9.0.2 Authenticated Remote Code Execution
Proof of concept exploit for CVE-2022-43571, a critical authenticated remote code execution vulnerability affecting Splunk Enterprise versions 8.2.9 and 9.0.2. The flaw resides in the SimpleXML dashboard PDF generation process, where insufficient input sanitization allows a privileged authenticat...
CVE-2024-6586
Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to...
Lightdash Security Vulnerability
Lightdash is an open-source visual data analysis tool from Lightdash. A security vulnerability exists in Lightdash version 0.1024.6, which stems from a server-side request forgery (SSRF) issue that could allow a threat actor to obtain a user's session token when the user exports a dashboard th...
CVE-2023-42504
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0...
PT-2023-28378 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.0 Description: The issue allows an authenticated malicious user to initiate multiple concurrent requests, each requesting multiple dashboard exports. This could lead to a possible denial of service...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from unknown processing in ?r=dashboard/user/export&uid=X, resulting in SQL injection...
WordPress plugin Advanced Page Visit Counter Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Advanced Page Visit Counter plug...