Cross-site Scripting (XSS) Vulnerability - SPLUNK (Cisco)
Scope: SPLUNK (Cisco)
Severity: Medium
A vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to execute unauthorized JavaScript in a user’s browser via a custom configuration file affecting the “api.uri” parameter. Versions below Splunk Enterprise 9.2.3 and 9.1.6, and Splunk Cloud Platform 9.2.2403.108 and 9.1.2312.205 are affected.
Affected Versions:
- Splunk Enterprise: versions < 9.2.3, 9.1.6
- Splunk Cloud Platform: versions < 9.2.2403.108, 9.1.2312.205
The Uganda National CERT and Coordination Center (CERT.UG/CC) recommends that all users and administrators follow the mitigations provided on the Cisco page and upgrade to patched versions.