Primary

Context

Splunk Stored Cross-Site Scripting Vulnerability in Saved Search and Job Inspector

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in Splunk Enterprise versions prior to 9.4.4, 9.3.6, and 9.2.8, as well as in Splunk Cloud Platform versions prior to 9.3.2411.108, 9.3.2408.118, and 9.2.2406.123. This vulnerability allows a low-privileged user, who does not have admin or power roles, to inject a malicious payload into the error messages and job inspection details of a saved search. The injected payload could then execute unauthorized JavaScript code in the browser of a user.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user.

Remediation

Users of Splunk Enterprise should upgrade to versions 9.4.4, 9.3.6, or 9.2.8. For Splunk Cloud Platform users, Splunk is actively monitoring and patching instances. Additionally, turning off Splunk Web can mitigate the vulnerability.

Added: Oct 1, 2025, 5:19 PM

Updated: Oct 1, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

5.0

remediation

8.3

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

5.0

remediation

8.3

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Splunk Stored Cross-Site Scripting Vulnerability in Saved Search and Job Inspector

Vulnerability

Impact

Remediation

Affected Products

Splunk

Splunk Cloud Platform

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating