Lucene search
K

10 matches found

OSV
OSV
added 2026/06/01 11:42 a.m.8 views

BIT-KIBANA-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-42401

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References1
Elastic
Elastic
added 2026/05/28 7:25 p.m.12 views

Kibana 8.19.16, 9.3.5 Security Update (ESA-2026-34)

Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup...

4.1CVSS5.7AI score0.00141EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-24412

Malware in sbrugna...

5.4CVSS5.3AI score0.00456EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/03/12 12:0 a.m.7 views

The vulnerability of the OTRS request processing system lies in the unprotected feature of inserting debugging information into the log file during index creation by Elasticsearch. This allows a hacker to disclose protected information.

The vulnerability of the OTRS request processing system lies in an unprotected feature that allows debugging information to be inserted into the log file during the creation of the Elasticsearch index. Exploiting this vulnerability can enable a malicious actor to disclose sensitive information...

6.1CVSS7AI score0.00515EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2024/01/29 10:15 a.m.34 views

CVE-2024-23791

Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1...

7.5CVSS7.1AI score0.00515EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/29 9:21 a.m.8 views

CVE-2024-23791 Unnecessary data is written to log if issues during indexing occurs

Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1...

4.9CVSS7.5AI score0.00515EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.6 views

PT-2024-2035 · Otrs +1 · Otrs +1

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.48 OTRS versions 8.0.X through 8.0.37 OTRS versions 2023.X through 2023.1.1 Description: The issue is related to the insertion of debug information into a log file during the building of an Elasticsearch index,...

7.5CVSS7.2AI score0.00515EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.4 views

SUSE CVE-2021-37936

It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be render...

5.4CVSS6.8AI score0.00456EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/18 12:0 a.m.6 views

CVE-2021-37936

It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be render...

5.3AI score0.00456EPSS
Exploits0References2
Rows per page
Query Builder