CVE-2024-36992
Persistent Cross-site Scripting (XSS) in Dashboard Elements
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision
Descriptions
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2024-05-30 CVE Reserved
- 2024-07-01 CVE Published
- 2024-08-22 EPSS Updated
- 2024-10-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source
---|---|---
https://advisory.splunk.com/advisories/SVD-2024-0712 | | Splunk advisory
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Splunk | Splunk Enterprise | >= 9.2.0 < 9.2.2 | Affected
Splunk | Splunk Enterprise | >= 9.1.0 < 9.1.5 | Affected
Splunk | Splunk Enterprise | >= 9.0.0 < 9.0.10 | Affected
Splunk | Splunk Cloud Platform | >= 9.1.2312.0 < 9.1.2312.200 | Affected
Splunk | Splunk Cloud Platform | >= 9.1.2308.0 < 9.1.2308.207 | Affected