9 matches found
CVE-2025-20385
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...
CVE-2025-20385
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...
CVE-2025-20385
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...
CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...
CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...
CVE-2025-20385
CVE-2025-20385 affects Splunk Enterprise below 10.0.2, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.6, 10.0.2503.7, 9.3.2411.117. A high-privilege user (admin_all_objects) can craft a malicious payload via the href attribute of an anchor tag in a navigation bar collection, resul...
Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1204)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1204 advisory. - In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6,...
PT-2025-4607 · Splunk · Splunk App For Soar
Name of the Vulnerable Software and Affected Versions: Splunk App for SOAR versions 1.0.67 and lower Description: The issue is related to improper access control. In the affected versions of the Splunk App for SOAR, the documentation recommended adding the admin all objects capability to the splu...
Prototype Pollution
Overview All versions of reggae are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow a malicious to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available...