Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/12/19 6:29 a.m.8 views

CVE-2025-68387

A flaw was found in Kibana. An unauthenticated user can embed a malicious script in web page content through improper input neutralization during web page generation. This cross-site scripting XSS vulnerability, specifically in a function handler within the Vega AST evaluator, allows for the...

6.1CVSS5.4AI score0.0018EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/18 10:45 p.m.4 views

Cross-site Scripting (XSS)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the function handler in the Vega AST evaluator. An attacker can execute arbitrary scripts in the...

6.1CVSS5.4AI score0.0018EPSS
Exploits0References2
OSV
OSV
added 2025/12/18 10:11 p.m.8 views

CVE-2025-68387 Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...

6.1CVSS5.8AI score0.0018EPSS
Exploits0References3
CVE
CVE
added 2025/12/18 10:11 p.m.25 views

CVE-2025-68387

CVE-2025-68387 corresponds to Kibana, where an unauthenticated user can exploit an XSS flaw caused by improper input neutralization during web page generation in a function handler of the Vega AST evaluator . Several feeds (NVD, Red Hat, OSV, BIT-KIBANA, SNYK) describe the issue consistently and ...

6.1CVSS5.6AI score0.0018EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52368

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...

6.1CVSS6AI score0.0018EPSS
Exploits0References3
Rows per page
Query Builder