In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.

Affected configurations

Nvd

Node

splunksplunkRange8.1.0–8.1.14enterprise

splunksplunkRange8.2.0–8.2.11enterprise

splunksplunkRange9.0.0–9.0.5enterprise

References

advisory.splunk.com/advisories/SVD-2023-0605

research.splunk.com/application/8a43558f-a53c-4ee4-86c1-30b1e8ef3606/

cvelist 2

nessus 32

prion 2

cve 2

veracode 1

debiancve 1

ibm 21

ubuntucve 1

redhatcve 1

osv 5

github 3

redhat 15

nvd 1

rubygems 3

githubexploit 1

typo3 1

gitlab 1

f5 1

hackerone 2

nodejs 1

freebsd 1

laminas 1

openvas 1

jvn 1

ics 1

centos 1

almalinux 2

rocky 2

oraclelinux 3

amazon 1

oracle 1

cvelist

CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View

2023-06-01 16:34:27

CVE-2019-8331

2019-02-20 16:00:00

nessus

Splunk Enterprise 8.1.0 < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0605)

2023-06-01 00:00:00

RHEL 8 : Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) (RHSA-2022:8848)

2023-01-23 00:00:00

F5 Networks BIG-IP : Bootstrap vulnerability (K24383845)

2019-12-31 00:00:00

prion

Cross site scripting

2023-06-01 17:15:00

Design/Logic Flaw

2019-02-20 16:29:00

cve

CVE-2023-32711

2023-06-01 17:15:10

CVE-2019-8331

2019-02-20 16:29:00

veracode

Cross-site Scripting (XSS)

2019-02-14 08:50:01

debiancve

CVE-2019-8331

2019-02-20 16:29:00

ibm

Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Bootstrap (CVE-2019-8331)

2019-04-04 14:55:02

Security Bulletin: IBM Security Information Queue uses components with known vulnerabilities (CVE-2019-8331, CVE-2019-11358)

2020-04-07 16:23:23

Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation

2022-03-02 16:40:15

ubuntucve

CVE-2019-8331

2019-02-20 00:00:00

redhatcve

CVE-2019-8331

2020-01-04 09:44:24

osv

Bootstrap Vulnerable to Cross-Site Scripting

2019-02-22 20:54:47

CVE-2019-8331

2019-02-20 16:29:00

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

github

Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass

2019-02-22 20:54:40

Moderate severity vulnerability that affects bootstrap and bootstrap-sass

2019-02-22 20:54:27

Bootstrap Vulnerable to Cross-Site Scripting

2019-02-22 20:54:47

redhat

(RHSA-2022:8865) Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update

2022-12-07 20:09:53

(RHSA-2022:8848) Moderate: Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) security update

2022-12-07 19:00:35

(RHSA-2019:3024) Moderate: ovirt-web-ui security and bug fix update

2019-10-10 14:49:46

nvd

CVE-2019-8331

2019-02-20 16:29:00

rubygems

XSS vulnerability in bootstrap

2019-02-14 21:00:00

XSS vulnerability in bootstrap-sass

2019-02-14 21:00:00

twitter-bootstrap-rails vulnerable to Cross-Site Scripting (XSS)

2019-02-14 21:00:00

githubexploit

Exploit for Cross-site Scripting in Getbootstrap Bootstrap

2020-12-01 09:18:58

typo3

Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0

2019-05-07 00:00:00

gitlab

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2019-02-20 00:00:00

K24383845 : Bootstrap vulnerability CVE-2019-8331

2019-04-10 00:00:00

hackerone

Sifchain: Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation

2021-06-05 15:52:39

Sifchain: Vulnerable javascript dependency at Main domain

2021-05-07 20:48:11

nodejs

Cross-Site Scripting

2019-05-22 18:03:13

freebsd

mantis -- multiple vulnerabilities

2019-08-28 00:00:00

laminas

XSS vectors in laminas-api-tools/api-tools

2020-04-01 21:30:00

openvas

Pi-hole Web Interface < 5.0 Multiple Vulnerabilities

2020-05-12 00:00:00

jvn

JVN#06527859: KinagaCMS vulnerable to cross-site scripting

2019-03-15 00:00:00

ics

Mitsubishi Electric EcoWebServerIII

2022-02-24 12:00:00

centos

ipa, python2 security update

2020-10-20 18:15:27

almalinux

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

rocky

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

oraclelinux

ipa security, bug fix, and enhancement update

2020-10-06 00:00:00

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-10 00:00:00

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-10 00:00:00

amazon

Medium: ipa

2020-10-22 17:40:00

oracle

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

69.5%

JSON

Related for NVD:CVE-2023-32711

cvelist2 nessus32 prion2 cve2 veracode1 debiancve1 ibm21 ubuntucve1 redhatcve1 osv5 github3 redhat15 nvd1 rubygems3 githubexploit1 typo31 gitlab1 f51 hackerone2 nodejs1 freebsd1 laminas1 openvas1 jvn1 ics1 centos1 almalinux2 rocky2 oraclelinux3 amazon1 oracle1