CVE-2022-27183
HIGHSplunk 8.1.0-8.1.4 - Reflected Cross-Site Scripting in Monitoring Console Query Parameter
Title source: llmDescription
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html
Vendor Advisory x_refsource_misc
https://research.splunk.com/application/splunk_xss_in_monitoring_console/
Scores
CVSS v3
8.8
EPSS
0.0035
EPSS Percentile
57.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (1)
splunk/splunk
8.1.0 - 8.1.4
Published
May 06, 2022
Tracked Since
Feb 18, 2026