- Description
- In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-79
- Hype score
- Not currently trending
به تازگی برای سرویس دفاعی Splunk آسیب پذیری جدیدی با کد شناسایی CVE-2025-20297 از نوع xss منتشر شده است . این آسیب پذیری باعث اجرای کد javascript با دسترسی پایین می شود . برا
@AmirHossein_sec
4 Jun 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: A critical XSS vulnerability (CVE-2025-20297) in Splunk Enterprise allows unauthorized JavaScript execution. Users urged to update immediately. Link: https://t.co/YD5kek8OYj #Security #Splunk #XSS #CVE #JavaScript #Update #Patch #Risk #Exploit #Threat #Breach #Software htt
@dailytechonx
3 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes