Reflected XSS in a query parameter of the Monitoring Console

Advisory ID: SVD-2022-0505

CVE ID: CVE-2022-27183

Published: 2022-05-03

Last Update: 2022-05-03

CVSSv3.1 Score: 8.8, High


Bug ID: SPL-201205


The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.


Upgrade Splunk Enterprise to 8.1.4 or later.

As an alternative to upgrading, disable or delete the app, disable Splunkweb, or disable Distributed mode. See Managing app objects for more information on disabling the app. See Configure distributed mode for disabling Distributed mode on the Monitoring Console app. See Disable unnecessary Splunk Enterprise components and web.conf for more information on disabling Splunkweb.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise8.1Splunk Monitoring Console8.1.3 and earlier8.1.4
Splunk Enterprise8.2-Not affected-

The vulnerability does not impact Splunk Cloud Platform instances.



Danylo Dmytriiev (DDV_UA)