Splunk Enterprise 6.6.x < 6.6.3 / Splunk Light 6.6.x < 6.6.3 Multiple XSS

medium Nessus Plugin ID 102731

Synopsis

An application running on the remote web server is affected by multiple cross-site scripting vulnerabilities.

Description

According to its self-reported version number, the version of Splunk running on the remote web server is Splunk Light 6.5.x prior to 6.6.3 or Splunk Enterprise 6.6.x prior to 6.6.3. It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities.

Solution

Upgrade to Splunk Enterprise version 6.6.3 or later or Splunk Light 6.6.3 or later.

See Also

https://www.splunk.com/view/SP-CAAAP3H

Plugin Details

Severity: Medium

ID: 102731

File Name: splunk_663.nasl

Version: Revision: 1.2

Type: remote

Published: 8/24/2017

Updated: 11/30/2017

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:splunk:splunk

Required KB Items: installed_sw/Splunk

Patch Publication Date: 8/21/2017

Vulnerability Publication Date: 8/21/2017