PT-2023-7397 · Splunk · Splunk App For Lookup File Editing

Published: 2023-06-01 · Updated: 2024-04-10 · CVE-2023-32715

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Splunk App for Lookup File Editing versions prior to 4.0.1

Description

The issue allows a user to insert potentially malicious JavaScript code into the app, causing it to run on the user's machine. This does not require the app itself to contain malicious code. Exploitation requires the attacker to trick the victim into initiating a request within their browser and needs additional user interaction. The attacker cannot exploit this issue at will. It is related to a lack of protection for the web page structure, which could allow a remote attacker to conduct a cross-site scripting attack.

Recommendations

For versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue. As a temporary workaround, consider restricting user interaction with the app to minimize the risk of exploitation. Avoid using the app for inserting JavaScript code until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-08434
CVE-2023-32715

Affected Products

Splunk App For Lookup File Editing