3 matches found
CVE-2020-7011
Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...
CVE-2020-7011
Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...
CVE-2020-7011
CVE-2020-7011 involves Elastic App Search versions before 7.7.0, where the Reference UI renders document URLs in results. The underlying issue is a cross-site scripting (XSS) vulnerability: if an attacker can control the contents of a URL field shown in a result, they could cause arbitrary JavaSc...