CVE-2023-46213: 
Splunk Enterprise vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Splunk Enterprise, identified as CVE-2023-46213. The vulnerability affects versions below 9.0.7 and 9.1.2, where ineffective escaping in the "Show syntax Highlighted" feature can result in unauthorized code execution in a user's web browser. The vulnerability was disclosed on November 16, 2023 (Splunk Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSSv3.1 base score of 4.8 (Medium). The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires network access, high privileges, and user interaction to exploit (NVD).

When exploited, this vulnerability allows an attacker to craft a log file that can execute unauthorized Javascript code in the browser of a user who interacts with events in the malicious log file in a specific way. If the user has administrative privileges, the attacker could potentially gain significant control over the Splunk environment (Splunk Research).

The primary mitigation is to upgrade Splunk Enterprise to versions 9.0.7 or 9.1.2. For distributed environments, users can disable Splunk Web on indexers if users don't need to log in to Splunk Web on those systems. Additionally, users are advised not to use the "Show syntax highlighted" feature on imported log files from unfamiliar sources (Splunk Advisory).