In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will.
References
Link | Resource |
---|---|
https://advisory.splunk.com/advisories/SVD-2023-0610 | Vendor Advisory |
https://advisory.splunk.com/advisories/SVD-2023-0610 | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:03
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
References | () https://advisory.splunk.com/advisories/SVD-2023-0610 - Vendor Advisory |
07 Jun 2023, 14:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:splunk_app_for_lookup_file_editing:*:*:*:*:*:*:*:* | |
References | (MISC) https://advisory.splunk.com/advisories/SVD-2023-0610 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
First Time |
Splunk splunk App For Lookup File Editing
Splunk |
01 Jun 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-01 17:15
Updated : 2024-11-21 08:03
NVD link : CVE-2023-32715
Mitre link : CVE-2023-32715
CVE.ORG link : CVE-2023-32715
JSON object : View
Products Affected
splunk
- splunk_app_for_lookup_file_editing
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')