National Cyber Warfare Foundation (NCWF)

Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript


0 user ratings
2025-06-03 10:11:24
milo
Red Team (CNA)

Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The flaw, rated medium with a CVSSv3.1 score of 4.3, affects the dashboard PDF generation component and exposes organizations to risks of unauthorized JavaScript execution by low-privileged users. Exploitation via pdfgen/render […]


The post Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.



Anupriya

Source: gbHackers
Source Link: https://gbhackers.com/splunk-enterprise-xss-flaw/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.