CVE-2019-5727

EUVD-2019-15301
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
splunksplunk
𝑥
< 6.6.0
splunksplunk
6.0.0 ≤
𝑥
< 6.0.15
splunksplunk
6.1.0 ≤
𝑥
< 6.1.14
splunksplunk
6.2.0 ≤
𝑥
< 6.2.14
splunksplunk
6.3.0 ≤
𝑥
< 6.3.12
splunksplunk
6.4.0 ≤
𝑥
< 6.4.9
splunksplunk
6.5.0 ≤
𝑥
< 6.5.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107113
https://www.splunk.com/view/SP-CAAAQAF
http://www.securityfocus.com/bid/107113
https://www.splunk.com/view/SP-CAAAQAF