CVE-2019-5727

Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
splunksplunk
𝑥
< 6.6.0
splunksplunk
6.0.0 ≤
𝑥
< 6.0.15
splunksplunk
6.1.0 ≤
𝑥
< 6.1.14
splunksplunk
6.2.0 ≤
𝑥
< 6.2.14
splunksplunk
6.3.0 ≤
𝑥
< 6.3.12
splunksplunk
6.4.0 ≤
𝑥
< 6.4.9
splunksplunk
6.5.0 ≤
𝑥
< 6.5.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107113
https://www.splunk.com/view/SP-CAAAQAF
http://www.securityfocus.com/bid/107113
https://www.splunk.com/view/SP-CAAAQAF