Splunk version 6.1.1 suffers from a Referer header cross site scripting vulnerability.