We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE

PUBLISHED

CVE-2024-36997

Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint

Assigner	Splunk
Reserved	2024-05-30
Published	2024-07-01
Updated	2024-07-03

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.

MEDIUM: 4.6

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Problem types

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Product status

9.2 before 9.2.2

affected

9.1 before 9.1.5

affected

9.0 before 9.0.10

affected

9.1.2312 before 9.1.2312.100

affected

Credits

STÖK / Fredrik Alexandersson

References

https://advisory.splunk.com/advisories/SVD-2024-0717

https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c

cve.org CVE-2024-36997

nvd.nist.gov CVE-2024-36997

Download JSON

https://cve.threatint.com/CVE/CVE-2024-36997

Find us on

Data Privacy
Terms of Use