In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2023-06-01T16:34:27.816Z

Updated: 2024-12-10T18:01:23.857Z

Reserved: 2023-05-11T20:55:59.872Z

Link: CVE-2023-32715

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-01T17:15:10.570

Modified: 2024-11-21T08:03:54.310

Link: CVE-2023-32715

cve-icon Redhat

No data.