Splunk Unspecified Cross Site Scripting Vulnerability
BID:59038
Info
Splunk Unspecified Cross Site Scripting Vulnerability
| Bugtraq ID: | 59038 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-2766 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2013 12:00AM |
| Updated: | Apr 12 2013 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Splunk Splunk 4.3.1 |
| Not Vulnerable: | |
Discussion
Splunk Unspecified Cross Site Scripting Vulnerability
Splunk is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Splunk versions 4.3.0 through 4.3.5 are vulnerable.
Splunk is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Splunk versions 4.3.0 through 4.3.5 are vulnerable.
Exploit / POC
Splunk Unspecified Cross Site Scripting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to follow a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Splunk Unspecified Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.