Lucene search
Veracode Vulnerability DatabaseVERACODE:38203HistoryNov 23, 2022 - 10:21 a.m.
Cross-site Scripting (XSS)
2022-11-2310:21:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
kibana
cross-site scripting
xss
vulnerability
document fields
html
elasticsearch
javascript
malicious
0.001 Low
EPSS
Percentile
22.7%
kibana is vulnerable to cross-site scripting(XSS) attacks. The library does not properly sanitize document fields containing HTML snippets, which allows an attacker with the ability to write documents to an elasticsearch index to inject and execute malicious JavaScript.
Related
cvelist
cvelist
CVE-2021-37936
2022-11-18 00:00:00
prion
prion
Hardcoded credentials
2022-11-18 23:15:00
openvas
openvas
Elastic Kibana HTML Injection Vulnerability (ESA-2021-23)
2021-09-27 00:00:00
nvd
nvd
CVE-2021-37936
2022-11-18 23:15:19
osv
osv
CVE-2021-37936
2022-11-18 23:15:19
redhatcve
redhatcve
CVE-2021-37936
2022-11-24 13:26:02
cve
cve
CVE-2021-37936
2022-11-18 23:15:19
nessus
nessus
Kibana 7.10.2 < 7.14.1 Code Execution
2023-01-11 00:00:00
Kibana 7.14.0 HTML Injection
2023-01-11 00:00:00
Kibana 7.9.0 < 7.14.1 Path Traversal
2023-01-11 00:00:00