Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise
Description
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the /manager/launcher/data/ui/views/_new endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
Affected products
4- Range: <9.3.2411.123 or <10.0.2503.11 or <10.1.2507.15 or <10.2.2510.4
- Range: <9.3.9 or <9.4.9 or <10.0.3 or <10.2.0
- Splunk/Splunk Cloud Platformv5Range: 10.2.2510
- Splunk/Splunk Enterprisev5Range: 10.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.