Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kibana
(Elastic)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 60 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-06-16 | CVE-2015-9056 | Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | Kibana | 6.1 | ||
| 2015-06-15 | CVE-2015-4093 | Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Kibana | N/A | ||
| 2019-03-25 | CVE-2019-7608 | Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | Kibana | 6.1 | ||
| 2019-03-25 | CVE-2019-7610 | Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | Kibana | 9.0 |