CVE-2016-4858Cross-site Scripting in Splunk

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 60.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SplunkSplunk INC Splunk EnterpriseSplunk INC Splunk Light
Timeline
PublishedMay 12
Latest updateMay 17

Description

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

CVEListV5splunk_inc/splunk_enterprise6 versions+5
CVEListV5splunk_inc/splunk_lightprior to 6.4.2
NVDsplunk/splunk6.4.2+58

🔴Vulnerability Details

2
GHSA
GHSA-jqwm-h8cf-c265: Cross-site scripting vulnerability in Splunk Enterprise 62022-05-17
CVEList
CVE-2016-4858: Cross-site scripting vulnerability in Splunk Enterprise 62017-05-12
CVE-2016-4858 — Cross-site Scripting in Splunk | cvebase