Design/Logic Flaw

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser...

PT-2023-6956 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions below 9.0.7 and 9.1.2 Description: The issue is related to the improper sanitization of extensible stylesheet language transformations XSLT supplied by users in Splunk Enterprise. This allows an attacker to upload...