First published: Tue Feb 14 2023
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an Extensible Markup Language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag.
Credit: prodsec@splunk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Splunk Splunk | >=8.1.0 <8.1.13 | |
Splunk Splunk | >=8.2.0 <8.2.10 | |
Splunk Splunk | >=9.0.0 <9.0.4 | |
Splunk Splunk Cloud Platform | <9.0.2209 | |
The vulnerability ID for this vulnerability is CVE-2023-22933.
The severity of CVE-2023-22933 is high.
Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4 are affected by CVE-2023-22933.
CVE-2023-22933 allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the 'layoutPanel' attribute in the 'module' tag in instances with Splunk Web enabled.
The CWE ID for CVE-2023-22933 is CWE-79.
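An added example (not from this advisory or from Splunk) of a defender-side audit for the condition described above: it parses view XML and reports every `module` tag whose `layoutPanel` value is not a plain identifier, so those views can be reviewed by hand. The allowed character set, the function name `audit_view` and the two sample views are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: legitimate layoutPanel values are plain identifiers such as
# "appHeader" or "panel_row1_col1"; anything else deserves a manual review.
SAFE_PANEL = re.compile(r"[A-Za-z0-9_-]+")


def audit_view(xml_text, source="<inline>"):
    """Return findings for <module> tags whose layoutPanel is not a plain identifier."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A view that does not parse cannot be cleared, so report it as well.
        return [{"source": source, "module": None, "layoutPanel": None,
                 "reason": f"unparseable XML: {exc}"}]
    findings = []
    for module in root.iter("module"):  # iter() also walks nested modules
        value = module.get("layoutPanel")
        if value is None or SAFE_PANEL.fullmatch(value):
            continue
        findings.append({"source": source, "module": module.get("name"),
                         "layoutPanel": value,
                         "reason": "layoutPanel has characters outside [A-Za-z0-9_-]"})
    return findings


# Constructed sample views (not taken from any real deployment).
CLEAN_VIEW = """<view template="dashboard.html">
  <module name="AccountBar" layoutPanel="appHeader"/>
  <module name="HiddenSearch" layoutPanel="panel_row1_col1">
    <module name="SimpleResultsTable"/>
  </module>
</view>"""

SUSPECT_VIEW = """<view template="dashboard.html">
  <module name="AccountBar" layoutPanel="appHeader"/>
  <module name="StaticContentSample" layoutPanel="panel_row1_col1 &lt;unexpected&gt;"/>
</view>"""

if __name__ == "__main__":
    for name, text in (("clean.xml", CLEAN_VIEW), ("suspect.xml", SUSPECT_VIEW)):
        for finding in audit_view(text, name):
            print(finding)
```

A finding is a prompt for review, not proof of exploitation; upgrading to a fixed version listed above remains the remediation.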