Splunk · Splunk Enterprise · CVE-2014-3147
**Name of the Vulnerable Software and Affected Versions**
Splunk Enterprise versions prior to 6.0.4
**Description**
The issue is related to a cross-site scripting (XSS) vulnerability in the auto-complete feature. This allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.
**Recommendations**
For versions prior to 6.0.4, update to version 6.0.4 or later to resolve the issue.