In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
References
Link | Resource |
---|---|
https://advisory.splunk.com/advisories/SVD-2023-1103 | Vendor Advisory |
https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Splunk
Published: 2023-11-16T20:15:46.739Z
Updated: 2024-07-03T16:07:07.513Z
Reserved: 2023-10-18T17:02:51.235Z
Link: CVE-2023-46213
JSON object: View
NVD Information
Status : Modified
Published: 2023-11-16T21:15:08.390
Modified: 2024-04-10T01:15:16.503
Link: CVE-2023-46213
JSON object: View
Redhat Information
No data.
CWE