133 matches found
Splunk Web Open Redirect Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze machine-generated data, including data generated by all IT systems and infrastructures physical, virtual, and cloud.Splunk Web is one of...
Splunk Web Open Redirect Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze machine-generated data, including data generated by all IT systems and infrastructures physical, virtual, and cloud.Splunk Web is one of...
CVE-2015-7604
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-7604
The CVE-2015-7604 entry concerns Splunk Web in Splunk Enterprise 6.2.x prior to 6.2.6 and Splunk Light 6.2.x prior to 6.2.6, where an XSS flaw allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected component: Splunk Web in the 6.2.x line. Root cause detai...
Cross site scripting
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header...
CVE-2015-6515
CVE-2015-6515 involves an XSS flaw in Splunk Web for Splunk Enterprise (versions 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, 5.0.x before 5.0.13) and Splunk Light 6.2.x before 6.2.4. The vulnerability allows remote attackers to inject arbitrary web script or HTML via an HTTP heade...
CVE-2015-6515
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header...
Splunk Enterprise 6.2.x < 6.2.2 Multiple Vulnerabilities (FREAK)
According to its version number, the Splunk Enterprise hosted on the remote web server is version 6.2.x prior to 6.2.2. It is, therefore, affected by the following vulnerabilities : - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allo...
CVE-2014-8303
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing...
CVE-2014-8301
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...
Cross site scripting
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...
CVE-2014-8303
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing...
CVE-2014-8301
CVE-2014-8301 is a cross-site scripting (XSS) vulnerability in Splunk Web of Splunk Enterprise 5.0.x prior to 5.0.10. The issue arises from improper handling/validation of the HTTP Referer header, allowing remote attackers to inject arbitrary web script or HTML into a user’s browser session. The ...
CVE-2014-8302
CVE-2014-8302 is a documented cross-site scripting (XSS) vulnerability in Splunk Web for Splunk Enterprise. Affected are Splunk Web dashboards in: 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10. The issue arises from improper validation in the dashboard-related components, allowi...
CVE-2014-8303
CVE-2014-8303 is a documented cross-site scripting (XSS) vulnerability in Splunk Web for Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6. The issue allows a remote attacker to inject arbitrary web script or HTML via vectors related to event parsing. The NVD entry provides a base score...
Cross site scripting
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...
CVE-2014-5198
The CVE-2014-5198 entry concerns Splunk Enterprise 6.1.x prior to 6.1.3 where an XSS vulnerability exists in Splunk Web. The root cause is improper handling/validation of the Referer header, allowing remote attackers to inject arbitrary web script or HTML in the victim’s browser. Affected compone...
Cross site scripting
Cross-site scripting XSS vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-6447
Concretely, CVE-2012-6447 affects Splunk Web in Splunk 5.0.0–5.0.2, where a cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary script/HTML via unspecified vectors. The issue is mitigated by upgrading to a fixed release (e.g., Splunk 5.0.3 or later) as indicated b...