This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.
A web application on the remote host has a cross-site scripting
The version of Splunk Web hosted on the remote web server fails to
sanitize the contents of the HTTP 'Referer' header before using it in
HTTP error 404 messages, and hence is affected by a cross-site scripting
An unauthenticated, remote attacker may be able to leverage this issue
to inject arbitrary HTML or script code into a user's browser to be
executed within the security context of the affected site.
Note that exploitation is only confirmed as valid in Internet Explorer
as Firefox escapes the special characters '<' and '>' when rendering the
Upgrade to Splunk 4.1.3.
Risk factor :
Medium / CVSS Base Score : 4.3
Family: CGI abuses : XSS
Nessus Plugin ID: 47620
CVE ID: CVE-2010-2429
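
The flaw class described above (a 'Referer' value copied into a 404 page) next to a hardened renderer, as an added example that is neither Splunk's code nor the plugin's check. All function names, the page markup and the sample header values are hypothetical; the percent-encoded sample is an assumption about what a browser that escapes '<' and '>' would send.

```python
import html
from urllib.parse import urlsplit

# CONSTRUCTED sample header values (not taken from the advisory).
REFERER_RAW = "http://example.test/?q=<script>alert(1)</script>"            # sent unescaped
REFERER_ESCAPED = "http://example.test/?q=%3Cscript%3Ealert(1)%3C/script%3E"  # browser-escaped
REFERER_BAD_SCHEME = "javascript:alert(1)"


def render_404_unsafe(path, referer):
    """Flawed pattern: header value is written into the error page as-is."""
    return (f"<h1>404 Not Found</h1><p>{path} was not found.</p>"
            f"<p>Referring page: {referer}</p>")


def safe_referer(referer):
    """Return the header value only if it is a plausible http(s) URL."""
    if not referer or len(referer) > 2048:
        return None
    try:
        parts = urlsplit(referer)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return referer


def render_404_safe(path, referer):
    """Hardened pattern: validate, then HTML-encode every request-derived value.

    Encoding happens on the server, so the result does not depend on
    whether the client escaped '<' and '>' before sending the header.
    """
    body = f"<h1>404 Not Found</h1><p>{html.escape(path)} was not found.</p>"
    ref = safe_referer(referer)
    if ref is not None:
        body += f"<p>Referring page: {html.escape(ref, quote=True)}</p>"
    return body


if __name__ == "__main__":
    for sample in (REFERER_RAW, REFERER_ESCAPED, REFERER_BAD_SCHEME, None):
        print(render_404_safe("/missing", sample))
```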