CVE-2016-4858

Summary

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Software

VendorProductVersion RangeStatus
Splunk Inc.Splunk Enterprise6.4.x prior to 6.4.2affected
Splunk Inc.Splunk Enterprise6.3.x prior to 6.3.6affected
Splunk Inc.Splunk Enterprise6.2.x prior to 6.2.10affected
Splunk Inc.Splunk Enterprise6.1.x prior to 6.1.11affected
Splunk Inc.Splunk Enterprise6.0.x prior to 6.0.12affected
Splunk Inc.Splunk Enterprise5.0.x prior to 5.0.16affected
Splunk Inc.Splunk Lightprior to 6.4.2affected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

References