CVE-2023-46213
published 2023-11-16


Priority: P4 22
Severity: medium, 4.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.47% (37.5th percentile)

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splunk | cloud | < 9.1.2308 | 9.1.2308 |
| splunk | splunk | >= 9.0.0 < 9.0.7 | 9.0.7 |
| splunk | splunk | >= 9.1.0 < 9.1.2 | 9.1.2 |
| splunk | splunk_cloud | >= - < 9.1.2308 | 9.1.2308 |
| splunk | splunk_enterprise | >= 9.0 < 9.0.7 | 9.0.7 |
| splunk | splunk_enterprise | >= 9.1 < 9.1.2 | 9.1.2 |