Lucene search

[email protected]CVE-2015-4093

HistoryJun 15, 2015 - 3:59 p.m.

CVE-2015-4093

2015-06-1515:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-4093

cross-site scripting

xss

elasticsearch

kibana 4.x

security vulnerability

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.8%

JSON

Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
elastic:kibanaelastic kibanaeq4.0.1
elastic:kibanaelastic kibanaeq4.0.2
elastic:kibanaelastic kibanaeq4.0.0

CPE	Name	Operator	Version
elastic:kibana	elastic kibana	eq	4.0.1
elastic:kibana	elastic kibana	eq	4.0.2
elastic:kibana	elastic kibana	eq	4.0.0

References

packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/535726/100/0/threaded

www.securityfocus.com/bid/75107

www.elastic.co/community/security/

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for CVE-2015-4093

securityvulns2 openvas2 prion1