CVE-2024-36997 — Cross-site Scripting in Cloud Platform

CWE-79 — Cross-site Scripting CWE-75 — Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)3 documents3 sources

Severity

8.1HIGHNVD

EPSS

1.0%

top 22.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Cloud Platform Splunk Enterprise Splunk

Timeline

PublishedJul 1

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:NExploitability: 1.7 | Impact: 5.8

Affected Packages4 packages

▶CVEListV5splunk/splunk_cloud_platform9.1.2312 — 9.1.2312.100

▶NVDsplunk/splunk_cloud_platform9.1.2312 — 9.1.2312.100

▶CVEListV5splunk/splunk_enterprise9.2 — 9.2.2+2

▶NVDsplunk/splunk9.0.0 — 9.0.10+2

🔴Vulnerability Details

CVEList

Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint↗2024-07-01

▶

GHSA

GHSA-qmqh-r82r-6q87: In Splunk Enterprise versions below 9↗2024-07-01

▶