Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The flaw, rated medium with a CVSSv3.1 score of 4.3, affects the dashboard PDF generation component and exposes organizations to risks of unauthorized JavaScript execution by low-privileged users. Exploitation via pdfgen/render […] The post Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/splunk-enterprise-xss-flaw/
