Our vulnerability scanner found the following "XSS vulnerability" - Can someone speak to the validity of this or why it might be a false positive? Any assistance would be greatly appreciated.
Injected into the "CiHiliteType" URL parameter (Using method GET) in https://[splunk_server_ip]/null.htw?CiWebHitsFile=/<script>xss</script>.aspx&CiRestriction=none&CiHiliteType=Full by changing the URL to https://[splunk_server_ip]/null.htw?CiWebHitsFile=/<script>xss</script>.aspx&CiRestriction=none&CiHiliteType=\"><script>248484113
1: <!doctype html><html><head><meta http-equiv="content-type" content=...
2: var hashTag = '', hashPos = document.location.href.indexOf('#');
3: if (hashPos > -1) { hashTag = document.location.href.substr(hashPos...
4: ...iHiliteType=\\"><script>248484113" + hashTag;
Good day!
In the future, please report security concerns via support if you have a support agreement or via the Splunk Product Security Portal http://www.splunk.com/page/securityportal
This is a false positive for 2 reasons:
Thanks for the report and please use the portal in the future in case this isn't a false positive issue and we need to deliver a fix to you and other customers!
Thanks for the answer and pointing me to the right place!