2 matches found
Splunk 4.3.x < 4.3.6 Unspecified XSS
According to its version number, the Splunk Web hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize unspecified user-supplied input before returning it to the user. An unauthenticated, remote attacker can exploit this issue to...
CVE-2013-2766
CVE-2013-2766 – Splunk Web XSS . Affected: Splunk Web in Splunk 4.3.0–4.3.5. Condition: remote attacker can inject arbitrary script/HTML via unspecified vectors, executed in the victim’s browser. The provided documents do not specify exploit vectors or concrete mitigations; no patch/version conte...