Description

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with the high-privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in another user's browser.

PUBLISHED | Reserved 2024-10-10 | Published 2025-12-03 | Updated 2025-12-03 | Assigner cisco

LOW: 2.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Problem types

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Product status

Splunk Enterprise:
10.0 (custom) before 10.0.2: affected
9.4 (custom) before 9.4.6: affected
9.3 (custom) before 9.3.8: affected
9.2 (custom) before 9.2.10: affected

Splunk Cloud Platform:
10.1.2507 (custom) before 10.1.2507.6: affected
10.0.2503 (custom) before 10.0.2503.7: affected
9.3.2411 (custom) before 9.3.2411.117: affected

Credits

Dr. Oliver Matula, DB Systel GmbH

References

advisory.splunk.com/advisories/SVD-2025-1204

cve.org (CVE-2025-20385)

nvd.nist.gov (CVE-2025-20385)