2 matches found
CVE-2025-68385
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a method in Vega bypassing a previous Vega XSS mitigation...
Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-34)
Kibana Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' ESA-2025-34 Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to embed a malicious script in content that will be served to web browsers...