Joshua Neubecker

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 9.0.7 Splunk Enterprise versions prior to 9.1.2 **Description** The issue is related to ineffective escaping in the "Show syntax Highlighted" feature, which can result in the execution of unauthorized code in a user's web browser. This can allow a remote attacker to conduct a cross-site scripting attack. **Recommendations** For versions prior to 9.0.7, update to version 9.0.7 or later. For versions prior to 9.1.2, update to version 9.1.2 or later. As a temporary workaround, consider disabling the "Show syntax Highlighted" feature until a patch is available.