Summary
The host is installed with Splunk
and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow
remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Splunk version 5.0.10
or 6.0.6 or 6.1.4 or later. For updates refer to http://www.splunk.com
Insight
Flaw is due improper validation of
user-supplied input passed via the vector related to dashboard.
Affected
Splunk version 5.0.x before 5.0.10
and 6.0.x before 6.0.6 and 6.1.x before 6.1.4
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-8302 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability