Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View

Advisory ID: SVD-2023-0605

CVE ID: CVE-2023-32711

Published: 2023-06-01

Last Update: 2023-06-01

CVSSv3.1 Score: 5.4, Medium


Bug ID: SPL-234890

Description

A Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.

Solution

For Splunk Enterprise, upgrade to version 8.1.14, 8.2.11, 9.0.5, or higher.

This vulnerability does not affect Splunk Cloud Platform instances.

Product Status

Product           | Version | Component  | Affected Version | Fix Version
Splunk Enterprise | 8.1     | Splunk Web | 8.1.0 to         | 8.1.14
Splunk Enterprise | 8.2     | Splunk Web | 8.2.0 to         | 8.2.11
Splunk Enterprise | 9.0     | Splunk Web | 9.0.0 to         | 9.0.5

Mitigations and Workarounds

If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See Disable unnecessary Splunk Enterprise components and the web.conf configuration specification file in the Splunk documentation for more information on disabling Splunk Web.
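The workaround above hinges on whether Splunk Web is actually off on each indexer. The following audit script is an added example, not Splunk's own tooling: it reads the startwebserver setting from web.conf text (the indexer names and file contents are constructed sample data; the real file is $SPLUNK_HOME/etc/system/local/web.conf) and lists the hosts that still need the mitigation applied, treating an absent key as enabled, which is the documented default.

```python
"""Audit web.conf on indexers for the 'disable Splunk Web' workaround.

Added example, not Splunk code. Assumes constructed hostnames and web.conf
contents; in practice read $SPLUNK_HOME/etc/system/local/web.conf per host.
The web.conf spec documents startwebserver = [0 | 1] with a default of 1.
"""
import configparser

# Constructed sample data: hostname -> contents of that host's local web.conf
SAMPLE_WEB_CONFS = {
    "idx-01": "[settings]\nstartwebserver = 0\n",                 # already disabled
    "idx-02": "[settings]\nhttpport = 8000\n",                    # key absent -> default on
    "idx-03": "",                                                 # empty file  -> default on
    "idx-04": "[settings]\nstartwebserver = 1\nhttpport = 8000\n",  # explicitly on
}

# Stanza an admin would place in local/web.conf to apply the workaround
HARDENED_STANZA = "[settings]\nstartwebserver = 0\n"


def splunk_web_enabled(web_conf_text: str) -> bool:
    """Return the effective Splunk Web state for one web.conf's contents."""
    parser = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    parser.read_string(web_conf_text)
    if not parser.has_option("settings", "startwebserver"):
        return True  # documented default: web server on
    value = parser.get("settings", "startwebserver").strip()
    # Only an explicit 0 turns the web server off; anything else leaves it on
    return value != "0"


def indexers_needing_mitigation(web_confs: dict) -> list:
    """Hosts where Splunk Web is still reachable and should be disabled."""
    return sorted(host for host, text in web_confs.items() if splunk_web_enabled(text))


if __name__ == "__main__":
    for host in indexers_needing_mitigation(SAMPLE_WEB_CONFS):
        print(f"{host}: Splunk Web enabled; add to local/web.conf and restart:")
        print(HARDENED_STANZA)
```

Run against the sample data it reports idx-02, idx-03 and idx-04; a restart of splunkd is still required after editing web.conf.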

Detections

This detection search provides information on possible persistent XSS exploitation attempts within a dashboard view in Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14.

Severity

Splunk rated the vulnerability as Medium, 5.4, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Acknowledgments

Danylo Dmytriiev (DDV_UA)