CVE-2025-20297: Cross-site Scripting in Cloud Platform

Severity: 5.4 MEDIUM (NVD); 4.3 (CNA)
EPSS: 0.3% (top 43.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 2

Description

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (4 packages)

Source    | Package                      | Affected from | Fixed in     | More
CVEListV5 | splunk/splunk_cloud_platform | 9.3.2411      | 9.3.2411.102 | +2
NVD       | splunk/splunk_cloud_platform | 9.2.2406      | 9.2.2406.118 | +2
CVEListV5 | splunk/splunk_enterprise     | 9.4           | 9.4.2        | +3
NVD       | splunk/splunk                | 9.2.0         | 9.2.6        | +2

Vulnerability Details (2)

CVEList: Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component (2025-06-02)
GHSA: GHSA-3r93-v644-8g5h: In Splunk Enterprise versions below 9 (2025-06-02)
CVE-2025-20297 — Cross-site Scripting in Splunk | cvebase