Lucene search
SplunkCVELIST:CVE-2022-43568HistoryNov 04, 2022 - 10:22 p.m.
CVE-2022-43568 Reflected Cross-Site Scripting via the radio template in Splunk Enterprise
2022-11-0422:22:13
CWE-79
Splunk
www.cve.org
4
splunk enterprise
reflected cross-site scripting
radio template
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
36.9%
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.1.12",
"status": "affected",
"version": "8.1",
"versionType": "custom"
},
{
"lessThan": "8.2.9",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.2",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site scripting
2022-11-04 23:15:00
nessus
nessus
Splunk Enterprise 8.1 < 8.1.12, 8.2.0 < 8.2.9, 9.0.0 < 9.0.2 (SVD-2022-1108)
2022-11-03 00:00:00
nvd
nvd
CVE-2022-43568
2022-11-04 23:15:10
cve
cve
CVE-2022-43568
2022-11-04 23:15:10
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
36.9%
Related for CVELIST:CVE-2022-43568