Several sources indicate a XSS vulnerability in recent Splunk versions. I can find no reference to this issue on your site or in the change logs. Below are some recent examples of sites referring to this issue confirmed in a different Splunk version 6.1.1; our Nessus scanner is also hitting on it(by exploit test and not version check) against version 5.0.8.
Does the Splunk team have a plan to address this vulnerability?
Splunk Product Security is aware of this XSS referrer header vulnerability. Engineering has fixed the issue, and updates are coming soon in upcoming maintenance releases. Please stay tuned for more details.
The next maintenance release is in assurance testing and will be published soon. Splunk releases are cumulative, meaning that future releases will contain fixes to vulnerabilities, new features and other bug fixes. Please bear with us while we ensure the new bits work as expected across multiple platforms and configurations.