CVE-2016-4858

Published: May 12, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor	Product	Versions
Splunk Inc.	Splunk Enterprise	affected `6.4.x prior to 6.4.2` affected `6.3.x prior to 6.3.6` affected `6.2.x prior to 6.2.10` affected `6.1.x prior to 6.1.11` affected `6.0.x prior to 6.0.12` +1 more versions
Splunk Inc.	Splunk Light	affected `prior to 6.4.2`

References

https://www.splunk.com/view/SP-CAAAPN9

x_refsource_CONFIRM

JVN#71462075

third-party-advisory

x_refsource_JVN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-4858

Description

Affected Products

References