CVE-2023-46214

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-91
View all →

Vulnerability Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

Related Vulnerabilities

CVE-2018-16785

HIGH
CVSS:8.8(High)

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell

CWE-912018

CVE-2018-19277

HIGH
CVSS:8.8(High)

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file

CWE-912018

CVE-2018-2477

HIGH
CVSS:8.8(High)

Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.

CWE-912018

CVE-2019-17323

HIGH
CVSS:8.8(High)

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to expl...

CWE-912019

CVE-2021-2322

HIGH
CVSS:8.8(High)

Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to comprom...

CWE-912021

CVE-2021-36359

HIGH
CVSS:8.8(High)

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFo...

CWE-912021