Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
Splunk versions 4.3.5 and 5.0
Splunk is prone to multiple vulnerabilities
Splunk is prone to multiple cross-site scripting vulnerabilities and a denial-of-service vulnerability because it fails to properly handle user-supplied input.
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Some vulnerabilities have been reported in Splunk, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
Splunk recommends that all vulnerable instances of Splunk be updated to the latest release.