CVE-2010-2503
Splunk 4.0-4.0.10 and 4.1-4.1.1 - Cross-Site Scripting via Redirects and User Input
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAFGD
Scores
EPSS
0.0026
EPSS Percentile
49.7%
Details
CWE
CWE-79
Status
published
Products (13)
splunk/splunk
4.0
splunk/splunk
4.0.1
splunk/splunk
4.0.2
splunk/splunk
4.0.3
splunk/splunk
4.0.4
splunk/splunk
4.0.5
splunk/splunk
4.0.6
splunk/splunk
4.0.7
splunk/splunk
4.0.8
splunk/splunk
4.0.9
... and 3 more
Published
Jun 28, 2010
Tracked Since
Feb 18, 2026