Lucene search
SplunkCVELIST:CVE-2023-32711HistoryJun 01, 2023 - 4:34 p.m.
CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
2023-06-0116:34:27
Splunk
www.cve.org
9
cve-2023-32711
persistent cross-site scripting
url validation bypass
splunk enterprise
dashboard view
low-privileged user
bootstrap web framework
cve-2019-8331
stored xss payload
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6
Confidence
High
EPSS
0.003
Percentile
69.5%
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.
CNA Affected
[
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"version": "8.1",
"status": "affected",
"versionType": "custom",
"lessThan": "8.1.14"
},
{
"version": "8.2",
"status": "affected",
"versionType": "custom",
"lessThan": "8.2.11"
},
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThan": "9.0.5"
}
]
}
]Related
nessus
nessus
RHEL 8 : Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) (RHSA-2022:8848)
2023-01-23 00:00:00
F5 Networks BIG-IP : Bootstrap vulnerability (K24383845)
2019-12-31 00:00:00
prion
prion
Cross site scripting
2023-06-01 17:15:00
Design/Logic Flaw
2019-02-20 16:29:00
cve
cve
CVE-2023-32711
2023-06-01 17:15:10
CVE-2019-8331
2019-02-20 16:29:00
nvd
nvd
CVE-2023-32711
2023-06-01 17:15:10
CVE-2019-8331
2019-02-20 16:29:00
veracode
veracode
Cross-site Scripting (XSS)
2019-02-14 08:50:01
debiancve
debiancve
CVE-2019-8331
2019-02-20 16:29:00
ibm
ibm
ubuntucve
ubuntucve
CVE-2019-8331
2019-02-20 00:00:00
redhatcve
redhatcve
CVE-2019-8331
2020-01-04 09:44:24
osv
osv
Bootstrap Vulnerable to Cross-Site Scripting
2019-02-22 20:54:47
CVE-2019-8331
2019-02-20 16:29:00
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
github
github
Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass
2019-02-22 20:54:40
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
2019-02-22 20:54:27
Bootstrap Vulnerable to Cross-Site Scripting
2019-02-22 20:54:47
redhat
redhat
(RHSA-2022:8865) Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update
2022-12-07 20:09:53
(RHSA-2022:8848) Moderate: Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) security update
2022-12-07 19:00:35
(RHSA-2019:3024) Moderate: ovirt-web-ui security and bug fix update
2019-10-10 14:49:46
rubygems
rubygems
XSS vulnerability in bootstrap
2019-02-14 21:00:00
XSS vulnerability in bootstrap-sass
2019-02-14 21:00:00
twitter-bootstrap-rails vulnerable to Cross-Site Scripting (XSS)
2019-02-14 21:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Getbootstrap Bootstrap
2020-12-01 09:18:58
typo3
typo3
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
2019-05-07 00:00:00
gitlab
gitlab
cvelist
cvelist
CVE-2019-8331
2019-02-20 16:00:00
f5
f5
K24383845 : Bootstrap vulnerability CVE-2019-8331
2019-04-10 00:00:00
hackerone
hackerone
nodejs
nodejs
Cross-Site Scripting
2019-05-22 18:03:13
freebsd
freebsd
mantis -- multiple vulnerabilities
2019-08-28 00:00:00
laminas
laminas
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
openvas
openvas
Pi-hole Web Interface < 5.0 Multiple Vulnerabilities
2020-05-12 00:00:00
jvn
jvn
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
2019-03-15 00:00:00
ics
ics
Mitsubishi Electric EcoWebServerIII
2022-02-24 12:00:00
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
almalinux
almalinux
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
oraclelinux
oraclelinux
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-10 00:00:00
amazon
amazon
Medium: ipa
2020-10-22 17:40:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6
Confidence
High
EPSS
0.003
Percentile
69.5%
Related for CVELIST:CVE-2023-32711