CVE-2015-7604
Splunk Enterprise 6.2.x < 6.2.6 and Splunk Light 6.2.x < 6.2.6 - Cross-Site Scripting
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033655
Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAPAM
Scores
EPSS
0.0026
EPSS Percentile
49.7%
Details
CWE
CWE-79
Status
published
Products (6)
splunk/splunk
6.2.0 (2 CPE variants)
splunk/splunk
6.2.1 (2 CPE variants)
splunk/splunk
6.2.2 (2 CPE variants)
splunk/splunk
6.2.3 (2 CPE variants)
splunk/splunk
6.2.4 (2 CPE variants)
splunk/splunk
6.2.5 (2 CPE variants)
Published
Sep 29, 2015
Tracked Since
Feb 18, 2026