In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/