Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-32715

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will.

Published

2023-06-01T17:15:10.570

Last Modified

2024-11-21T08:03:54.310

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	splunk	splunk_app_for_lookup_file_editing	< 4.0.1	Yes

References

https://advisory.splunk.com/advisories/SVD-2023-0610 Vendor Advisory ([email protected])
https://advisory.splunk.com/advisories/SVD-2023-0610 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)