CVE-2017-12572
https://notcve.org/view.php?id=CVE-2017-12572
Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente en Splunk Enterprise 6.5.x anterior a 6.5.2; 6.4.x anterior a 6.4.6; y 6.3.x anterior a 6.3.9 y Splunk Light anterior a 6.5.2, cuya explotación requiere acceso de administrador, también conocido como SPL-134104. • https://www.splunk.com/view/SP-CAAAPYC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4859
https://notcve.org/view.php?id=CVE-2016-4859
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Splunk Enterprise versiones 6.4.x anteriores a la 6.4.3, Splunk Enterprise versiones 6.3.x anteriores a la 6.3.6, Splunk Enterprise versiones 6.2.x anteriores a la 6.2.10, Splunk Enterprise versiones 6.1.x anteriores a la 6.1.11, Splunk Enterprise versiones 6.0.x anteriores a la 6.0.12, Splunk Enterprise versiones 5.0.x anteriores a la 5.0.16 y Splunk Light versiones anteriores a la 6.4.3, que permitiría la redirección de usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://www.securityfocus.com/bid/92603 https://jvn.jp/en/jp/JVN64800312/index.html https://www.splunk.com/view/SP-CAAAPQ6 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2016-4857
https://notcve.org/view.php?id=CVE-2016-4857
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Splunk Enterprise versiones 6.4.x anteriores a la 6.4.2, Splunk Enterprise versiones 6.3.x anteriores a la 6.3.6, Splunk Enterprise versiones 6.2.x anteriores a la 6.2.11 y Splunk Light anteriores a la 6.4.2, que permitiría la redirección de usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • https://jvn.jp/en/jp/JVN39926655/index.html https://www.splunk.com/view/SP-CAAAPQM • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2016-4858
https://notcve.org/view.php?id=CVE-2016-4858
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting en Splunk Enterprise versiones 6.4.x anteriores a la 6.4.2, Splunk Enterprise versiones 6.3.x anteriores a la 6.3.6, Splunk Enterprise versiones 6.2.x anteriores a la 6.2.10, Splunk Enterprise versiones 6.1.x anteriores a la 6.1.11, Splunk Enterprise versiones 6.0.x anteriores a la 6.0.12, Splunk Enterprise versiones 5.0.x anteriores a la 5.0.16 y Splunk Light versiones anteriores a la 6.4.2, que permitiría a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • https://jvn.jp/en/jp/JVN71462075/index.html https://www.splunk.com/view/SP-CAAAPN9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4856
https://notcve.org/view.php?id=CVE-2016-4856
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting en Splunk Enterprise versiones 6.3.x anteriores a la 6.3.5 y Splunk Light versiones 6.3.x anteriores a la 6.3.5, que permitiría a un atacante con derechos de administrador inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/92990 https://jvn.jp/en/jp/JVN71462075/index.html https://www.splunk.com/view/SP-CAAAPN9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •