CVE-2014-3147

Splunk < 6.0.4 - Authenticated Cross-Site Scripting via Auto-Complete Feature

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1030800

Vendor Advisory x_refsource_confirm

http://www.splunk.com/view/SP-CAAAMSH

Scores

EPSS 0.0019

EPSS Percentile 39.8%

Details

CWE

CWE-79

Status published

Products (4)

splunk/splunk 6.0.0

splunk/splunk 6.0.1

splunk/splunk 6.0.2

splunk/splunk < 6.0.3

Published Oct 10, 2014

Tracked Since Feb 18, 2026