CVE-2017-12572

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:splunk:splunk:6.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.3.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.3.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.3.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.3.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.3.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.3.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.3.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.3.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.4.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.4.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.4.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.4.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.4.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.5.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.5.0:*:*:*:light:*:*:*
cpe:2.3:a:splunk:splunk:6.5.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:6.5.1:*:*:*:light:*:*:*

History

21 Nov 2024, 03:09

Type Values Removed Values Added
References () https://www.splunk.com/view/SP-CAAAPYC - Vendor Advisory () https://www.splunk.com/view/SP-CAAAPYC - Vendor Advisory

Information

Published : 2017-08-05 21:29

Updated : 2024-11-21 03:09


NVD link : CVE-2017-12572

Mitre link : CVE-2017-12572

CVE.ORG link : CVE-2017-12572


JSON object : View

Products Affected

splunk

  • splunk
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')