EPSS: 0.001 (Low)
EPSS Percentile: 46.2%
Kibana is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists in the timechartFn function in schema.js due to a lack of sanitization of the Timelion label, which allows a malicious user to inject and execute arbitrary JavaScript.
www.openwall.com/lists/oss-security/2019/10/24/1
www.openwall.com/lists/oss-security/2019/10/29/3
discuss.elastic.co/t/x-pack-alerting-and-kibana-5-6-1-security-update/101884
github.com/elastic/kibana/commit/a664861a1d8ede4bb92a1acc81d2f7fc9932a8ba
github.com/elastic/kibana/pull/13892