Kibana 7.0.x < 8.19.8 / 9.0.x < 9.1.8 / 9.2.x < 9.2.2 XSS (ESA-2025-28)

The version of Kibana running on the remote host is prior to 7.0 prior to 8.19.8, 9.0 prior to 9.1.8 and 9.2 prior to 9.2.2. It is, therefore, affected by a cross-site scripting vulnerability as referenced in the ESA-2025-28 advisory. - Improper neutralization of input during web page generation...

CVE-2025-37732

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

CVE-2025-37732

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...

Cross-site Scripting (XSS)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the integration package upload functionality. An attacker can execute arbitrary HTML or script code i...