CVE-2025-20368: Cross-site Scripting in Cloud Platform

Severity
NVD: 5.4 MEDIUM
CNA: 5.7
EPSS
0.0% (top 91.55% percentile)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 1

Description

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in the execution of unauthorized JavaScript code in the browser of another user who views those messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (4 packages)

Source      Package                        Affected from   Fixed in        More ranges
CVEListV5   splunk/splunk_cloud_platform   9.3.2411        9.3.2411.108    +2
NVD         splunk/splunk_cloud_platform   9.2.2406        9.2.2406.123    +2
CVEListV5   splunk/splunk_enterprise       10.0            10.0.0          +3
NVD         splunk/splunk                  9.2.0           9.2.8           +2

Vulnerability Details (2 references)

CVEList: Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise (2025-10-01)
GHSA: GHSA-wr8v-qcgq-v7m3: In Splunk Enterprise versions below 9 (2025-10-01)
CVE-2025-20368 — Cross-site Scripting in Splunk | cvebase