First published: Thu Nov 16 2023
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show Syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
CVE-2023-46213 is a vulnerability that allows the execution of unauthorized code in a user's web browser through ineffective escaping in the "Show Syntax Highlighted" feature in Splunk Enterprise versions below 9.0.7 and 9.1.2.
CVE-2023-46213 has a severity level of medium (4.8).
Splunk Cloud versions up to 9.1.2308, Splunk Enterprise versions between 9.0.0 and 9.0.7, and Splunk Enterprise versions between 9.1.0 and 9.1.2 are affected by CVE-2023-46213.
CVE-2023-46213 can be exploited by attackers to execute unauthorized code in a user's web browser using the "Show Syntax Highlighted" feature in Splunk Enterprise.
To fix CVE-2023-46213, upgrade Splunk Enterprise to version 9.0.7 or 9.1.2, depending on the affected version.