Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victimΓ―ΒΏΒ½s web browser.
CPE | Name | Operator | Version |
---|---|---|---|
app-search-php | eq | 7.3.0 | |
app-search-php | eq | 1.0.0 | |
app-search-php | eq | 7.6.0 | |
app-search-php | eq | 7.2.0 | |
app-search-php | eq | 1.0.2 | |
app-search-php | eq | 7.5.0 | |
app-search-php | eq | 7.4.0 | |
app-search-php | eq | 1.0.1 |