CVE-2015-6515
Splunk Enterprise 5.0.x-6.2.x and Splunk Light 6.2.x - Cross-Site Scripting via Header
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAN7C
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032859
Scores
EPSS
0.0026
EPSS Percentile
49.7%
Details
CWE
CWE-79
Status
published
Products (34)
splunk/splunk
5.0.0
splunk/splunk
5.0.1
splunk/splunk
5.0.2
splunk/splunk
5.0.3
splunk/splunk
5.0.4
splunk/splunk
5.0.5
splunk/splunk
5.0.6
splunk/splunk
5.0.7
splunk/splunk
5.0.8
splunk/splunk
5.0.9
... and 24 more
Published
Aug 18, 2015
Tracked Since
Feb 18, 2026