CVE-2014-8301
https://notcve.org/view.php?id=CVE-2014-8301
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header. Vulnerabilidad de XSS en Splunk Web en Splunk Enterprise 5.0.x anterior a 5.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera HTTP Referer. • http://www.splunk.com/view/SP-CAAANHS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8302
https://notcve.org/view.php?id=CVE-2014-8302
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard. Vulnerabilidad de XSS en Splunk Web en Splunk Enterpirse 6.1.x anterior a 6.1.x anterior a 6.1.4, 6.0.x anterior a 6.0.6, y 5.0.x anterior a 5.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con dashboard. • http://www.securitytracker.com/id/1030994 http://www.splunk.com/view/SP-CAAANHS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8303
https://notcve.org/view.php?id=CVE-2014-8303
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing. Vulnerabilida de XSS en Splunk Web en Splunk Enterprise 6.1.x anterior a 6.1.4 anterior a 6.0.x anterior a 6.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con el análisis del evento. • http://www.securitytracker.com/id/1030994 http://www.splunk.com/view/SP-CAAANHS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3147
https://notcve.org/view.php?id=CVE-2014-3147
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. Vulnerabilidad de XSS en la caracteristica de autocompletado en Splunk Enterprise anterior a 6.0.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un fichero CSV. • http://securitytracker.com/id?1030800 http://www.splunk.com/view/SP-CAAAMSH • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-5198
https://notcve.org/view.php?id=CVE-2014-5198
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. Vulnerabilidad de XSS en Splunk Web en Splunk Enterprise 6.1.x anterior a 6.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera Referer HTTP. • http://secunia.com/advisories/59940 http://www.securitytracker.com/id/1030690 http://www.splunk.com/view/SP-CAAAM9H • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •