CVE-2025-20367

🗓️ 01 Oct 2025 16:08:01Reported by ciscoType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 6 Views🌐 WEB

CVE-2025-20367: Low-privilege user can trigger reflected CXP via dataset.command in /app/search/table on vulnerable Splunk versions.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-20367	1 Oct 202518:00	–	circl
CNNVD	Splunk Cloud Platform和Splunk Enterprise 跨站脚本漏洞	1 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise	1 Oct 202516:08	–	cvelist
EUVD	EUVD-2025-32027	3 Oct 202520:07	–	euvd
NVD	CVE-2025-20367	1 Oct 202517:15	–	nvd
OSV	CVE-2025-20367	1 Oct 202517:15	–	osv
Positive Technologies	PT-2025-40270	1 Oct 202500:00	–	ptsecurity
Tenable Nessus	Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4 (SVD-2025-1002)	2 Oct 202500:00	–	nessus
Vulnrichment	CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise	1 Oct 202516:08	–	vulnrichment

NVD

Node

splunk splunkRange9.2.0–9.2.8enterprise

splunk splunkRange9.3.0–9.3.6enterprise

splunk splunkRange9.4.0–9.4.4enterprise

splunk splunk_cloud_platformRange9.2.2406–9.2.2406.122

splunk splunk_cloud_platformRange9.3.2408–9.3.2408.119

splunk splunk_cloud_platformRange9.3.2411–9.3.2411.109

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.0"
      },
      {
        "version": "9.4",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.4.4"
      },
      {
        "version": "9.3",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.6"
      },
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.8"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.3.2411",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2411.109"
      },
      {
        "version": "9.3.2408",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2408.119"
      },
      {
        "version": "9.2.2406",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.2406.122"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2025-1002

Parameter	Position	Path	Description	CWE
dataset.command	query param	app/search/table	Low-privileged user can craft payload via dataset.command in /app/search/table leading to execution of unauthorized JavaScript in another user’s browser (stored/reflected XSS).	CWE-79

08 Oct 2025 20:22Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.4 - 5.7

EPSS0.00046

SSVC

CWE-79