CVE-2010-2503

Splunk - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.

References (1)

Scores

EPSS 0.0026
EPSS Percentile 49.4%

Classification

CWE
CWE-79
Status published

Affected Products (14)

splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
splunk/splunk
n/a/n/a

Timeline

Published Jun 28, 2010
Tracked Since Feb 18, 2026