11 matches found
CVE-2025-64302
Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...
CVE-2025-64302
Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...
CVE-2025-64302
Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...
CVE-2025-64302 Advantech DeviceOn/iEdge Cross-site Scripting
Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...
CVE-2025-64302
The CVE-2025-64302 entry concerns Advantech DeviceOn/iEdge (edge device). The root cause is insufficient input sanitization of dashboard labels/paths, which can allow an attacker to trigger a device error and cause information disclosure or data manipulation. Some connected reports also describe...
CVE-2025-64302 Advantech DeviceOn/iEdge Cross-site Scripting
Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...
PT-2025-45392
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise (affected versions not specified). Description: A lack of proper input validation in the dashboard label or path can enable an attacker to cause a device error, potentially leading to information disclosure or data manipulation...
CVE-2025-20369
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE)...
CVE-2025-20369 Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE)...
CVE-2025-20369
The CVE-2025-20369 affects Splunk Enterprise and Splunk Cloud Platform. A low-privilege user not in admin/power roles can perform an XML External Entity (XXE) injection via the dashboard tab label field, potentially enabling Denial of Service (DoS). Affected versions include Splunk Enterprise <...
CVE-2025-20369 Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE)...