CVE-2017-12572
MEDIUMSplunk Enterprise 6.3.x-6.5.x and Splunk Light < 6.5.2 - Authenticated Persistent Cross-Site Scripting
Title source: llmDescription
Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.splunk.com/view/SP-CAAAPYC
Scores
CVSS v3
4.8
EPSS
0.0026
EPSS Percentile
49.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (17)
splunk/splunk
6.3.0
splunk/splunk
6.3.1
splunk/splunk
6.3.2
splunk/splunk
6.3.3
splunk/splunk
6.3.4
splunk/splunk
6.3.5
splunk/splunk
6.3.6
splunk/splunk
6.3.7
splunk/splunk
6.3.8
splunk/splunk
6.4.0
... and 7 more
Published
Aug 05, 2017
Tracked Since
Feb 18, 2026