4 matches found
CVE-2025-25017 Kibana Stored Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting XSS...
CVE-2025-25017 Kibana Stored Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting XSS...
CVE-2025-25017
Kibana vulnerability CVE-2025-25017 is a stored XSS in the Vega visualization engine due to improper input validation in Vega visualization specifications. Likely affects Kibana dashboards; potential impacts include session hijacking and data theft. No exploitation details or official patch versi...
Kibana 7.0.x <= 7.17.29 / 8.0.x <= 8.18.7 / 8.19.x <= 8.19.3 / 9.0.x <= 9.0.6 / 9.1.x <= 9.1.3 XSS (ESA-2025-16)
The version of Kibana running on the remote host is prior to 7.0 prior to 7.17.29, 8.0 prior to 8.18.7, 8.19 prior to 8.19.3, 9.0 prior to 9.0.6 and 9.1 prior to 9.1.6. It is, therefore, affected by a cross-site scripting vulnerability as referenced in the ESA-2025-16 advisory. - Improper...