Lucene search
K

10 matches found

NVD
NVD
added 2026/06/10 6:16 p.m.13 views

CVE-2026-20258

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...

7.1CVSS0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:16 p.m.35 views

CVE-2026-20258

This CVE concerns Stored XSS in Splunk Enterprise and Splunk Cloud Platform via a classic dashboard HTML panel. A low-privileged user (not admin/power roles) can store a malicious script that executes in another user’s browser, triggered by a phishing-like action to initiate a request. Affected v...

7.1CVSS5.7AI score0.00174EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/10 5:16 p.m.30 views

CVE-2026-20258 Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...

7.1CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 5:16 p.m.28 views

CVE-2026-20257 Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrate...

5.7CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:16 p.m.19 views

CVE-2026-20257

CVE-2026-20257 affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privileged user without admin/power roles can craft a classic dashboard that exfiltrates sensitive data from the...

5.7CVSS5.5AI score0.00198EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00198EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48498

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...

7.1CVSS5.7AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/14 5:3 p.m.23 views

CVE-2024-45734 Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed...

4.3CVSS0.00349EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/14 5:3 p.m.16 views

CVE-2024-45734 Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed...

4.3CVSS7.2AI score0.00349EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.4 views

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.2.x prior to 9.2.3 and 9.1.x prior to 9.1.6, which stems from a low-privileged user being able to view an image on a...

4.3CVSS6.6AI score0.00349EPSS
Exploits0References4
Rows per page
Query Builder