Cross-site Scripting (XSS)

🗓️ 28 Jul 2020 04:58:39Reported by Veracode Vulnerability DatabaseType

kibana XSS vulnerability allows injection of malicious HTML script via region map visualization, leading to info leakage and malicious action

Reporter	Title	Published	Views	Family All 27
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to Elastic Kibana vulnerabilities (CVE-2020-7016,CVE-2020-7017 )	2 Sep 202120:19	–	ibm
Circl	CVE-2020-7017	27 Feb 202614:10	–	circl
CNVD	Elasticsearch Kibana Cross-Site Scripting Vulnerability (CNVD-2020-49490)	28 Jul 202000:00	–	cnvd
CVE	CVE-2020-7017	27 Jul 202018:00	–	cve
Cvelist	CVE-2020-7017	27 Jul 202018:00	–	cvelist
Elastic	Elastic Stack 6.8.11 and 7.8.1 security update	27 Jul 202017:09	–	elastic
EUVD	EUVD-2020-28154	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in Oracle Peoplesoft products	21 Jul 202100:00	–	ncsc
NVD	CVE-2020-7017	27 Jul 202018:15	–	nvd
OpenVAS	Elastic Kibana < 6.8.11, 7.x < 7.8.1 Multiple Vulnerabilities - Linux	3 Aug 202000:00	–	openvas

Vulners

Node

elastic kibanaRange6.2.0–6.8.10js

elastic kibanaRange7.0.0-alpha1–7.8.0js

Source	Link
elastic	www.elastic.co/community/security
github	www.github.com/elastic/kibana/commit/0bf552bd6baafe3053c68dd20af14a088065df69
github	www.github.com/elastic/kibana/commit/eb25b47a75b391bf2bcf236d02cb0afb22a9f226
oracle	www.oracle.com//security-alerts/cpujul2021.html
elastic	www.elastic.co/community/security/
discuss	www.discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786

07 Oct 2022 18:28Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.6

CVSS 3.16.7

EPSS0.01201