21 matches found
EUVD-2020-28149
Malware in sbrugna...
EUVD-2023-53818
Malicious code in bioql PyPI...
EUVD-2021-9295
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-7011
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects ...
PT-2023-31412 · Elastic · App Search
Name of the Vulnerable Software and Affected Versions: Elastic App Search versions prior to 7.17.16 Elastic App Search versions prior to 8.11.2 Description: An issue was discovered in the Documents API of App Search where it logged the raw contents of indexed documents at INFO log level. This cou...
The vulnerability of the Elastic App Search application discovery tool, related to incorrect permission configuration, allows a violator to increase their privileges.
The vulnerability of the Elastic App Search application discovery tool is related to the improper assignment of permissions for API keys. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
CVE-2021-22149
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
CVE-2021-22140
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
Xxe
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue XXE in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...
CVE-2021-22140
Elastic App Search (web crawler beta) versions 7.11.0–7.12.0 are affected by an XML External Entity (XXE) injection in the crawler, allowing an attacker crawling the site via a manipulated sitemap.xml to read files on the host. Root cause: insufficient validation of XML in the crawler. Impact: po...
Cross-site Scripting (XSS)
Overview elastic-app-search is a Ruby client for the Elastic App Search. Affected versions of this package are vulnerable to Cross-site Scripting XSS. They contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result,...
Elastic App Search Cross-Site Scripting Vulnerability
Elastic App Search is a powerful set of APIs and developer tools from Elastic designed for developers to build rich, user-oriented search applications. Elastic App Search versions prior to 7.7.0 have a cross-site scripting vulnerability in the Reference UI that displays document URLs. If the...
CVE-2020-7011
Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...
CVE-2020-7011
Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...
UBUNTU-CVE-2020-7011
Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...
Cross site scripting
Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...
CVE-2020-7011
Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...
CVE-2020-7011
CVE-2020-7011 involves Elastic App Search versions before 7.7.0, where the Reference UI renders document URLs in results. The underlying issue is a cross-site scripting (XSS) vulnerability: if an attacker can control the contents of a URL field shown in a result, they could cause arbitrary JavaSc...
CVE-2020-7011
Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...