CVE-2010-2429
Splunk 4.0-4.1.2 - Cross-Site Scripting via HTTP Referer Header
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAFHY
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40187
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/65623
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59517
Scores
EPSS
0.0028
EPSS Percentile
51.2%
Details
CWE
CWE-79
Status
published
Products (15)
splunk/splunk
4.0
splunk/splunk
4.0.1
splunk/splunk
4.0.2
splunk/splunk
4.0.3
splunk/splunk
4.0.4
splunk/splunk
4.0.5
splunk/splunk
4.0.6
splunk/splunk
4.0.7
splunk/splunk
4.0.8
splunk/splunk
4.0.9
... and 5 more
Published
Jun 24, 2010
Tracked Since
Feb 18, 2026