CVE-2014-3147

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 6.0.4

Description The issue is related to a cross-site scripting (XSS) vulnerability in the auto-complete feature. This allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.

Recommendations For versions prior to 6.0.4, update to version 6.0.4 or later to resolve the issue.