Security Advisory

CVE-2025-20368

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-01 16:08:04

Last updated 2025-10-01 17:35:52

Assigner cisco

State PUBLISHED

Description

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user.

← Browse all CVEs View on cve.org ↗