Description
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.

The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
Published: 2026-06-10
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored cross‑site scripting flaw exists in Splunk classic dashboards when a low‑privileged user can store a malicious HTML panel. The injected script executes in the browser of any user who opens the affected dashboard, allowing the attacker to steal session cookies, redirect the user, or perform other client‑side actions in the victim's session. The weakness is improper neutralization of input during web page generation (CWE-79), which leads to unintended script execution in user browsers and compromises the confidentiality and integrity of user sessions.

Affected Systems

Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132 are affected (as stated in the description above); the listed versions are the first fixed release of each branch.

Risk and Exploitability

The CVSS 3.1 score of 7.1 is rated High. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to hold a low‑privileged Splunk account (one without the "admin" or "power" role) and to trick a victim into initiating the request that loads the malicious dashboard (a phishing scenario), so each exploitation depends on user interaction rather than being repeatable at will. The overall risk is therefore moderate, but the potential for session hijacking or credential theft warrants timely remediation.

Generated by OpenCVE AI on June 10, 2026 at 19:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Splunk Enterprise to the first fixed release of your branch (10.2.4, 10.0.7, 9.4.12, or 9.3.13) or later, and upgrade Splunk Cloud Platform to 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, or 9.3.2411.132 or later.
  • Restrict or disable the ability for non‑admin users to create classic HTML panels to eliminate the injection vector.
  • Implement a Content Security Policy on dashboard pages that forbids inline scripts, and sanitize any user‑supplied panel markup against an allow‑list to mitigate future XSS exploits.
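As an added illustration of the last two recommended actions (this is example code written for this page, not Splunk's or OpenCVE's), the following Python builds an allow‑list sanitizer for user‑supplied panel markup and emits an example Content Security Policy header. The tag and attribute allow‑lists, the permitted URL schemes, and the CSP directives are assumptions for the example, not Splunk's actual panel policy.

```python
from html import escape
from html.parser import HTMLParser

# Allow-lists (assumptions for this example, not Splunk's panel policy).
ALLOWED_TAGS = {"p", "b", "i", "strong", "em", "ul", "ol", "li", "br", "a",
                "span", "div", "h1", "h2", "h3", "table", "tr", "td", "th"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "span": {"class"}, "div": {"class"},
                 "td": {"colspan"}, "th": {"colspan"}}
VOID_TAGS = {"br"}
RAW_TEXT_TAGS = {"script", "style"}          # contents are dropped, not just the tag
SAFE_URL_PREFIXES = ("http://", "https://", "/", "#")


class PanelSanitizer(HTMLParser):
    """Rebuilds markup from an allow-list; everything else is dropped and logged."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitized fragments
        self.stack = []      # open allowed tags, so output stays well-formed
        self.dropped = []    # audit trail of what was removed
        self.in_raw = False  # inside <script>/<style>: discard the text too

    def handle_starttag(self, tag, attrs):
        if self.in_raw:
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"tag:{tag}")
            if tag in RAW_TEXT_TAGS:
                self.in_raw = True
            return
        kept = []
        for name, value in attrs:          # html.parser lower-cases attribute names
            value = value or ""
            # Event handlers (onclick, onerror, ...) never survive, nor do
            # attributes outside the per-tag allow-list.
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped.append(f"attr:{tag}@{name}")
                continue
            # URL attributes must use an allowed scheme, which blocks javascript: and data:
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                self.dropped.append(f"url:{value}")
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if self.in_raw:
            if tag in RAW_TEXT_TAGS:
                self.in_raw = False
            return
        if tag in self.stack:
            # Close intervening unclosed tags so the result nests properly.
            while True:
                open_tag = self.stack.pop()
                self.out.append(f"</{open_tag}>")
                if open_tag == tag:
                    break

    def handle_data(self, data):
        if not self.in_raw:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

    # Comments, declarations and processing instructions are silently dropped
    # because the base class's default handlers do nothing with them.

    def close(self):
        super().close()
        while self.stack:                    # close anything the input left open
            self.out.append(f"</{self.stack.pop()}>")


def sanitize_panel_html(markup):
    """Return (clean_html, dropped_items) for user-supplied panel markup."""
    parser = PanelSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped


def dashboard_csp_header():
    """Example CSP for dashboard pages: no inline script, no plugins (assumed values)."""
    return ("Content-Security-Policy: default-src 'self'; script-src 'self'; "
            "object-src 'none'; base-uri 'self'; frame-ancestors 'self'")


if __name__ == "__main__":
    # Constructed sample of hostile panel markup, not taken from the advisory.
    sample = ('<p onclick="x()">Hi <b>there</b></p><script>x()</script>'
              '<a href="javascript:x()">x</a><a href="https://example.com/">ok</a>')
    clean, dropped = sanitize_panel_html(sample)
    print(clean)
    print(dropped)
    print(dashboard_csp_header())
```

The sanitizer is applied at write time (before the panel is stored) and the `dropped` list is worth logging, since a user whose panels repeatedly lose `<script>` tags or `on*` attributes is a useful detection signal. The CSP header is a second, independent layer: even if a sanitizer bypass stores script, a policy without `'unsafe-inline'` stops the browser from running it.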



Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Splunk; Splunk splunk Cloud Platform; Splunk splunk Enterprise

Type: Vendors & Products
Values Removed: (none)
Values Added: Splunk; Splunk splunk Cloud Platform; Splunk splunk Enterprise

Wed, 10 Jun 2026 18:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.

Type: Title
Values Removed: (none)
Values Added: Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-79

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-06-10T18:22:27.505Z

Reserved: 2025-10-08T11:59:15.401Z

Link: CVE-2026-20258

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-06-10T18:16:41.377

Modified: 2026-06-10T18:36:19.463

Link: CVE-2026-20258

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T21:00:06Z

Weaknesses