CVE-2010-2429

Name of the Vulnerable Software and Affected Versions Splunk versions 4.0 through 4.1.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response when Internet Explorer is used.

Recommendations For versions 4.0 through 4.1.2, consider updating to a version that contains a fix for this issue, although the specific fixed version is not provided in the available data. As a temporary workaround, consider restricting access to the HTTP Referer header to minimize the risk of exploitation.