CVE-2015-6514
Splunk Enterprise 6.2.x < 6.2.4 and Splunk Light 6.2.x < 6.2.4 - Authenticated Cross-Site Scripting
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAN7C
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032859
Scores
EPSS
0.0026
EPSS Percentile
49.7%
Details
CWE
CWE-79
Status
published
Products (4)
splunk/splunk
6.2.0 (2 CPE variants)
splunk/splunk
6.2.1 (2 CPE variants)
splunk/splunk
6.2.2 (2 CPE variants)
splunk/splunk
6.2.3 (2 CPE variants)
Published
Aug 18, 2015
Tracked Since
Feb 18, 2026