CVE-2024-36992Cross-site Scripting in Cloud Platform

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.5%
top 35.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Cloud PlatformSplunk EnterpriseSplunk
Timeline
PublishedJul 1

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripti

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

CVEListV5splunk/splunk_cloud_platform9.1.23129.1.2312.200+1
NVDsplunk/splunk_cloud_platform9.1.23089.1.2308.207+1
CVEListV5splunk/splunk_enterprise9.29.2.2+2
NVDsplunk/splunk9.0.09.0.10+2

🔴Vulnerability Details

2
GHSA
GHSA-6m8w-jqvr-3jhh: In Splunk Enterprise versions below 92024-07-01
CVEList
Persistent Cross-site Scripting (XSS) in Dashboard Elements2024-07-01
CVE-2024-36992 — Cross-site Scripting in Splunk | cvebase