CVE-2023-46213 — Cross-site Scripting in Cloud

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 61.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Cloud Splunk Enterprise Splunk Cloud +1 more

Timeline

PublishedNov 16

Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5splunk/splunk_enterprise9.0 — 9.0.7+1

▶NVDsplunk/cloud< 9.1.2308

▶NVDsplunk/splunk9.0.0 — 9.0.7+1

▶CVEListV5splunk/splunk_cloud- — 9.1.2308

🔴Vulnerability Details

GHSA

GHSA-vfv2-6xpw-mqmp: In Splunk Enterprise versions below 9↗2023-11-16

▶

CVEList

Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page↗2023-11-16

▶