Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Elastic App Search Security Vulnerabilities

cve
cve

CVE-2020-7011

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they c...

6.1CVSS

6AI Score

0.001EPSS

2020-06-03 06:15 PM
30
cve
cve

CVE-2021-22140

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of t...

7.5CVSS

7.5AI Score

0.002EPSS

2021-05-13 06:15 PM
41
4