Patrik Nordlén

**Name of the Vulnerable Software and Affected Versions** Splunk versions 4.0 through 4.1.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response when Internet Explorer is used. **Recommendations** For versions 4.0 through 4.1.2, consider updating to a version that contains a fix for this issue, although the specific fixed version is not provided in the available data. As a temporary workaround, consider restricting access to the HTTP Referer header to minimize the risk of exploitation.