- Description
- In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- splunk, splunk_cloud_platform
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-79
- Hype score
- Not currently trending
به تازگی برای سرویس دفاعی Splunk آسیب پذیری جدیدی با کد شناسایی CVE-2025-20297 از نوع xss منتشر شده است . این آسیب پذیری باعث اجرای کد javascript با دسترسی پایین می شود . برا
@AmirHossein_sec
4 Jun 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: A critical XSS vulnerability (CVE-2025-20297) in Splunk Enterprise allows unauthorized JavaScript execution. Users urged to update immediately. Link: https://t.co/YD5kek8OYj #Security #Splunk #XSS #CVE #JavaScript #Update #Patch #Risk #Exploit #Threat #Breach #Software htt
@dailytechonx
3 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6B05EBC8-E9AA-40DD-9D5A-F802748B240D",
"versionEndExcluding": "9.2.6",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5BDE9C29-C754-40F8-8659-9094ACE376FF",
"versionEndExcluding": "9.3.4",
"versionStartIncluding": "9.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "18674A90-13F1-4051-BD16-F815831CBE91",
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D64EDBA6-544C-4810-9F6C-A44A28B872A9",
"versionEndExcluding": "9.2.2406.118",
"versionStartIncluding": "9.2.2406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F348A61C-6353-4C76-98A8-9D9AC986B469",
"versionEndExcluding": "9.3.2408.111",
"versionStartIncluding": "9.3.2408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B191356-EE1E-43DF-B8EA-1D6965F5FD94",
"versionEndExcluding": "9.3.2411.102",
"versionStartIncluding": "9.3.2411",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]