CVE-2017-12572

MEDIUM

Splunk - XSS

Title source: rule

Description

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.

References (1)

[Vendor Advisory] https://www.splunk.com/view/SP-CAAAPYC

Scores

CVSS v3 4.8

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (20)

splunk/splunk

... and 10 more

Published Aug 05, 2017

Tracked Since Feb 18, 2026