Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript

Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601….