Splunk Enterprise 6.6.x < 6.6.3 / Splunk Light 6.6.x < 6.6.3 Multiple XSS

Medium Nessus Plugin ID 102731

Synopsis

An application running on the remote web server is affected by multiple cross-site scripting vulnerabilities.

Description

According to its self-reported version number, the version of Splunk running on the remote web server is Splunk Light 6.5.x prior to 6.6.3 or Splunk Enterprise 6.6.x prior to 6.6.3. It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities.

Solution

Upgrade to Splunk Enterprise version 6.6.3 or later or Splunk Light 6.6.3 or later.

See Also

https://www.splunk.com/view/SP-CAAAP3H

Plugin Details

Severity: Medium

ID: 102731

File Name: splunk_663.nasl

Version: Revision: 1.2

Type: remote

Published: 2017/08/24

Modified: 2017/11/30

Dependencies: 49069, 47619

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:splunk:splunk

Required KB Items: installed_sw/Splunk

Patch Publication Date: 2017/08/21

Vulnerability Publication Date: 2017/08/21