CVE-2016-4856Cross-site Scripting in INC Splunk Enterprise

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.3%
top 46.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk INC Splunk EnterpriseSplunk INC Splunk LightSplunk
Timeline
PublishedMay 12
Latest updateMay 17

Description

Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

CVEListV5splunk_inc/splunk_light6.3.x prior to 6.3.5
CVEListV5splunk_inc/splunk_enterprise6.3.x prior to 6.3.5
NVDsplunk/splunk5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-35rm-gh88-rf95: Cross-site scripting vulnerability in Splunk Enterprise 62022-05-17
CVEList
CVE-2016-4856: Cross-site scripting vulnerability in Splunk Enterprise 62017-05-12
CVE-2016-4856 — Cross-site Scripting | cvebase