CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-8301
https://notcve.org/view.php?id=CVE-2014-8301
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header. Vulnerabilidad de XSS en Splunk Web en Splunk Enterprise 5.0.x anterior a 5.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera HTTP Referer. • http://www.splunk.com/view/SP-CAAANHS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-8302
https://notcve.org/view.php?id=CVE-2014-8302
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard. Vulnerabilidad de XSS en Splunk Web en Splunk Enterpirse 6.1.x anterior a 6.1.x anterior a 6.1.4, 6.0.x anterior a 6.0.6, y 5.0.x anterior a 5.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con dashboard. • http://www.securitytracker.com/id/1030994 http://www.splunk.com/view/SP-CAAANHS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-8303
https://notcve.org/view.php?id=CVE-2014-8303
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing. Vulnerabilida de XSS en Splunk Web en Splunk Enterprise 6.1.x anterior a 6.1.4 anterior a 6.0.x anterior a 6.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con el análisis del evento. • http://www.securitytracker.com/id/1030994 http://www.splunk.com/view/SP-CAAANHS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3147
https://notcve.org/view.php?id=CVE-2014-3147
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. Vulnerabilidad de XSS en la caracteristica de autocompletado en Splunk Enterprise anterior a 6.0.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un fichero CSV. • http://securitytracker.com/id?1030800 http://www.splunk.com/view/SP-CAAAMSH • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5197
https://notcve.org/view.php?id=CVE-2014-5197
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids. Vulnerabilidad de salto de directorio en (1) Splunk Web o (2) Splunkd HTTP Server en Splunk Enterprise 6.1.x anterior a 6.1.3 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en una URI, relacionado con 'search ids'. • http://secunia.com/advisories/59940 http://www.securitytracker.com/id/1030690 http://www.splunk.com/view/SP-CAAAM9H • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •