@elastic/app-search-javascript is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript in a user’s browser via a document URL in the reference UI.
CPE | Name | Operator | Version |
---|---|---|---|
@elastic/app-search-javascript | le | 7.6.0 |