CVE-2014-8380

Splunk 6.1.1 - Cross-Site Scripting via HTTP Referer Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8380. PoCs published by justpentest.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Splunk by injecting malicious JavaScript into the 'Referer' header. The server reflects this input unsanitized, leading to arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression.

Exploits (1)

exploitdb WORKING POC

by justpentest · textwebappsphp

https://www.exploit-db.com/exploits/40997

View Code ZIP pw:eip

This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Splunk by injecting malicious JavaScript into the 'Referer' header. The server reflects this input unsanitized, leading to arbitrary script execution in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Splunk 6.1.1 (other versions may also be affected)

No auth needed

Prerequisites: Access to a vulnerable Splunk instance · Ability to send crafted HTTP requests

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/126813/Splunk-6.1.1-Cross-Site-Scripting.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40997/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/67655

Scores

EPSS 0.0328

EPSS Percentile 86.9%

Details

CWE

CWE-79

Status published

Products (1)

splunk/splunk 6.1.1

Published Oct 21, 2014

Tracked Since Feb 18, 2026