8 matches found
CVE-2025-68387
A flaw was found in Kibana. An unauthenticated user can embed a malicious script in web page content through improper input neutralization during web page generation. This cross-site scripting (XSS) vulnerability, specifically in a function handler within the Vega AST evaluator, allows for the...
CVE-2025-68387
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability in a function handler in the Vega AST...
Cross-site Scripting (XSS)
Overview: kibana is an open source, Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the function handler in the Vega AST evaluator. An attacker can execute arbitrary scripts in the...
CVE-2025-68387 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability in a function handler in the Vega AST...
CVE-2025-68387 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability in a function handler in the Vega AST...
CVE-2025-68387
CVE-2025-68387 corresponds to Kibana, where an unauthenticated user can exploit an XSS flaw caused by improper input neutralization during web page generation in a function handler of the Vega AST evaluator. Several feeds (NVD, Red Hat, OSV, BIT-KIBANA, SNYK) describe the issue consistently and ...
Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-35)
Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (ESA-2025-35): Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers...
PT-2025-52368
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability in a function handler in the Vega AST...