Vulnerability Details CVE-2023-22932
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v3 Score 8.7
References
Products affected by CVE-2023-22932
-
cpe:2.3:a:splunk:splunk:9.0.0
-
cpe:2.3:a:splunk:splunk:9.0.3
-
cpe:2.3:a:splunk:splunk_cloud_platform:-
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.1.2103
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2105
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2106
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2107
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2109
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2111
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2112
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2201
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2202
-
cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2203
-
cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2209