Published: 24/06/2010 Updated: 23/07/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Splunk 4.0 up to and including 4.1.2, when Internet Explorer is used, allows remote malicious users to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

splunk splunk 4.0.8

splunk splunk 4.0.7

splunk splunk 4.1.2

splunk splunk 4.1.1

splunk splunk 4.0.10

splunk splunk 4.0.9

splunk splunk 4.0.2

splunk splunk 4.0.1

splunk splunk 4.0.6

splunk splunk 4.0.5

splunk splunk 4.1

splunk splunk 4.0

splunk splunk 4.0.11

splunk splunk 4.0.4

splunk splunk 4.0.3

Vendor Advisories

Table of Contents• Description • Products and Components Affected • Upgrades • Credit Statement • Vulnerability Descriptions and Ratings • Cross-site Scripting in Splunk Web with 404 responses to Internet Explorer (SPL-31736) (CVE-2010-2429) <!-- SP-CAAAFHY --> Description Splunk version 413 contains a fix for a cross-site scripting ...