Splunk Security Vulnerabilities and Issues — Splunk CVE List

Lucene search

SplunkSplunk

5 matches found

CVE•added 2014/10/21 3:55 p.m.•89 views

CVE-2014-8380

Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression.

4.3CVSS5.6AI score0.03324EPSS

CVE•added 2014/10/16 7:55 p.m.•44 views

CVE-2014-8302

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard.

3.5CVSS5.8AI score0.00185EPSS

CVE•added 2014/10/16 7:55 p.m.•42 views

CVE-2014-8301

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2014/10/16 7:55 p.m.•40 views

CVE-2014-8303

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing.

4.3CVSS5.7AI score0.00263EPSS

CVE•added 2014/10/10 1:55 a.m.•35 views

CVE-2014-3147

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.

3.5CVSS5.3AI score0.00185EPSS