Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The flaw, rated medium with a CVSSv3.1 score of 4.3, affects the dashboard PDF generation component and exposes organizations to risks of unauthorized JavaScript execution by low-privileged users. Exploitation via pdfgen/render […]
The post Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform