VYPR
Get started
← All advisories
Medium severity4.8NVD Advisory· Published May 12, 2017· Updated May 13, 2026

CVE-2016-4858

CVE-2016-4858

Description

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products

61
  • Splunk/Splunk59 versions
    cpe:2.3:a:splunk:splunk:5.0.0:*:*:*:enterprise:*:*:*+ 58 more
    • cpe:2.3:a:splunk:splunk:5.0.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.10:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.11:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.12:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.13:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.14:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.15:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.1:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.2:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.3:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.4:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.5:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.6:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.7:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.8:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:5.0.9:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.10:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.11:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.1:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.2:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.3:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.4:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.5:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.6:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.7:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.8:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.0.9:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.10:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.1:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.2:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.3:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.4:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.5:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.6:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.7:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.8:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.1.9:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.10:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.1:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.2:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.3:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.4:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.5:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.6:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.7:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.8:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.2.9:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.3.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.3.1:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.3.2:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.3.3:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.3.4:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.3.5:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.4.0:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:6.4.1:*:*:*:enterprise:*:*:*
    • cpe:2.3:a:splunk:splunk:*:*:*:*:light:*:*:*range: <=6.4.2
  • Splunk Inc./Splunk Enterprisev5
    Range: 6.4.x prior to 6.4.2
  • Splunk Inc./Splunk Lightv5
    Range: prior to 6.4.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.