CVE-2017-12572 Information

Description

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2 6.4.x before 6.4.6 and 6.3.x before 6.3.9 and Splunk Light before 6.5.2 with exploitation requiring administrative access aka SPL-134104.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Reference

https://www.splunk.com/view/SP-CAAAPYC

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

4.8