CVE-2022-23710

2022-03-0322:15:08

Google

osv.dev

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.6%

JSON

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.

CPENameOperatorVersion
elasticsearcheq0.90.0.RC1
elasticsearcheq5.0.0-alpha5
elasticsearcheq5.0.0-alpha1
elasticsearcheq4.0.0-beta3
elasticsearcheq4.0.0-beta2
elasticsearcheq0.90.0.Beta1
elasticsearcheq0.90.0.RC2
elasticsearcheq0.12.0
elasticsearcheq0.19.0
elasticsearcheq4.0.0BETA1

Name	Operator	Version
elasticsearch	eq	0.90.0.RC1
elasticsearch	eq	5.0.0-alpha5
elasticsearch	eq	5.0.0-alpha1
elasticsearch	eq	4.0.0-beta3
elasticsearch	eq	4.0.0-beta2
elasticsearch	eq	0.90.0.Beta1
elasticsearch	eq	0.90.0.RC2
elasticsearch	eq	0.12.0
elasticsearch	eq	0.19.0
elasticsearch	eq	4.0.0BETA1