EPSS: 0.001 (Low)
EPSS Percentile: 34.4%
Kibana is vulnerable to cross-site scripting (XSS) attacks. The visualization title is enabled in the render function of visualize_embeddable_factory.js, which allows an attacker to inject and execute arbitrary web script.
discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683
github.com/elastic/kibana/commit/daf142ae4a581412b075ab9103136fe3ee27c345
github.com/elastic/kibana/pull/16178
www.elastic.co/community/security