← voltar
CVE-2023-32715

Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing

CVSS 4.7 MEDIUMEPSS 0.3%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 jun 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
Splunk · Splunk App for Lookup File Editing

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://advisory.splunk.com/advisories/SVD-2023-0610