VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 28, 2010· Updated Apr 29, 2026

CVE-2010-2503

CVE-2010-2503

Description

Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple cross-site scripting vulnerabilities in Splunk Web allow remote attackers to inject arbitrary web script or HTML via redirects and user input vectors.

Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities exist in the Splunk Web component of Splunk versions 4.0 through 4.0.10 and 4.1 through 4.1.1. The vulnerabilities are triggered via (1) redirects (SPL-31067), (2) unspecified user-to-user or user-to-admin vectors (SPL-31084), and (3) unspecified user input (SPL-31085). Splunk light forwarders with Splunk Web disabled are not affected [1].

Exploitation

An attacker can exploit these vulnerabilities remotely by crafting malicious input or redirects that are processed by the Splunk Web server. No authentication is required; the attacker only needs network access to the Splunk Web interface. The attack vector involves sending a specially crafted URL or form input that, when processed by Splunk Web, injects arbitrary script into the browser of a user viewing the affected page [1].

Impact

Successful exploitation allows an attacker to execute arbitrary web script or HTML in the context of the Splunk Web interface. This can lead to session hijacking, credential theft, defacement, or other actions performed with the privileges of the victim user within Splunk [1].

Mitigation

Splunk strongly recommends upgrading to version 4.0.11 (for 4.0.x) or the latest version of Splunk (for 4.1.x). Alternatively, apply the critical security patch provided by Splunk. Additionally, implementing the Splunk Hardening Standards can reduce risk. At the time of the advisory, no active exploitation was known [1].

References
  1. Splunk Critical Maintenance Release and Patch

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14
  • Splunk/Splunk14 versions
    cpe:2.3:a:splunk:splunk:4.0:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:splunk:splunk:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:splunk:splunk:4.1.1:*:*:*:*:*:*:*
    • (no CPE)range: 4.0-4.0.10; 4.1-4.1.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Improper neutralization of user-controllable input before it is placed in web page output allows cross-site scripting in redirects, user-to-user/user-to-admin interactions, and other user input vectors."

Attack vector

An attacker can inject arbitrary web script or HTML via three vectors [ref_id=1]. First, reflective cross-site scripting occurs through crafted redirects (SPL-31067), where a malicious link containing script in the redirect parameter causes the browser to execute the payload. Second, stored cross-site scripting via "user->user or user->admin" vectors (SPL-31084) allows an authenticated attacker to inject script that executes when other users or administrators view the crafted content. Third, an unspecified "user input" vector (SPL-31085) also permits script injection. All three vectors are exploitable over the network [CWE-79].

Affected code

Splunk Web in versions 4.0.0 through 4.0.10 and 4.1.0 through 4.1.1 is affected. The advisory identifies three distinct vulnerable code paths: redirect handling (SPL-31067), unspecified "user->user or user->admin" vectors (SPL-31084), and unspecified "user input" vectors (SPL-31085) [ref_id=1]. The advisory does not disclose specific function names or file paths.

What the fix does

The advisory states that Splunk released a critical maintenance update and patch to remediate these issues [ref_id=1]. The fix neutralizes user-controllable input before it is placed in web page output, preventing script injection in redirects, user-to-user/user-to-admin interactions, and other user input contexts [CWE-79]. No patch diff is provided in the bundle, so the exact code changes are not visible.

Preconditions

  • inputFor redirect vector (SPL-31067): no authentication required; attacker crafts a URL with malicious script in the redirect parameter
  • authFor user->user/user->admin vector (SPL-31084): attacker must be an authenticated Splunk user
  • inputFor unspecified user input vector (SPL-31085): attacker must be able to supply user input to the application
  • networkAll vectors are network-exploitable

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1

News mentions

0

No linked articles in our index yet.