Summary
The host is installed with Splunk
and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow
remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Splunk version 6.0.6
or 6.1.4 or later. For updates refer to http://www.splunk.com
Insight
Flaw is due improper validation of
user-supplied input passed via the vector related to event parsing.
Affected
Splunk version 6.0.x before 6.0.6
and 6.1.x before 6.1.4
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-8303 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities