CVE-2026-40900 DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

EUVD-2022-1469

Malicious code in bioql PyPI...

SUSE CVE-2022-23710

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim's browser...

CVE-2022-23710

A flaw was found in Kibana’s data preview pane. This issue allows a Cross-Site scripting attack...

GHSA-M6GG-86C6-GFR9 Withdrawn: Cross-site Scripting in Kibana

Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems. A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could...

Withdrawn: Cross-site Scripting in Kibana

Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems. A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could...

Elasticsearch Kibana Cross-Site Scripting Vulnerability (CNVD-2022-23464)

A cross-site scripting vulnerability exists in Elasticsearch Kibana, an open source, browser-based analysis and search Elasticsearch dashboard tool from Elasticsearch Netherlands, which stems from a lack of filtering and escaping of user data in the data preview pane. An attacker could exploit th...

Elastic Kibana XSS Vulnerability (ESA-2022-04)

Elastic Kibana is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-23710

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVE-2022-23710

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVE-2022-23710

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...

Cross site scripting

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVE-2022-23710

CVE-2022-23710 is an XSS vulnerability in Kibana’s Data Preview Pane (Index Pattern Preview Pane). The issue stems from insufficient input filtering/escaping, allowing arbitrary JavaScript in a victim’s browser. Affected products/versions include Kibana self-managed 7.15.x (and related Elastic St...

CVE-2022-23710

A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...

Elastic Stack Kibana 跨站脚本漏洞

A cross-site scripting vulnerability exists in Elasticsearch Kibana, an open source, browser-based analysis and search Elasticsearch dashboard tool from Elasticsearch Netherlands, which stems from a lack of filtering and escaping of user data in the data preview pane. An attacker could exploit th...

Splunk <= 4.3.3 Arbitrary File Read

No description provided by source. Exploit Title: Splunk = 4.3.3 Reading Arbitrary Files Contents Date: 09/03/2012 Exploit Author: Marcio Almeida [email protected] Vendor Homepage: http://www.splunk.com/ Software Link: http://www.splunk.com/download?r=header Version: 4.3.3 and priors...

Splunk 4.3.3 Arbitrary File Disclosure

================================================================= - Release date: September 3rd, 2012 - Discovered by: Marcio Almeida of CIPHER Intelligence Labs - Severity: Medium - CVSS Base Score: 6.3 AV:N/AC:M/Au:S/C:C/I:N/A:N/E:P/RL:U/RC:C...

Splunk 4.3.3 - Arbitrary File Read

Splunk 4.3.3 - Arbitrary File Read Exploit Title: Splunk = 4.3.3 Reading Arbitrary Files Contents Date: 09/03/2012 Exploit Author: Marcio Almeida [email protected] Vendor Homepage: http://www.splunk.com/ Software Link: http://www.splunk.com/download?r=header Version: 4.3.3 and priors...