Cribl Stream is vulnerable to a critical DOM-based XSS flaw that enables unauthenticated attackers to achieve full system compromise.

This is a DOM-based cross-site scripting (XSS) vulnerability (CWE-20) where the application fails to validate input correctly. It features a network-based attack vector that requires no authentication or user interaction to exploit.

While the base CVSS score is 8.7, the technical impact of this vulnerability is severe, with a CVSS v3.1 score of 9.8. Exploitation can lead to a complete compromise of confidentiality, integrity, and availability, allowing attackers to execute arbitrary code or steal sensitive data from users' sessions.

Immediate Action: Upgrade to Cribl Stream version 4.17.1 or later immediately to resolve the vulnerability.

Proactive Monitoring: Monitor web traffic logs for unusual script injections or suspicious redirects originating from the Cribl Stream management interface.

Compensating Controls: Deploy a Web Application Firewall (WAF) with strict XSS filtering rules to block malicious payloads targeting the web interface.

Public Exploit Available: false

This vulnerability represents a critical security risk due to its high exploitability and potential for full system compromise. Immediate patching to version 4.17.1 is mandatory to protect the integrity of the environment.