kibana is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user.
CPE | Name | Operator | Version |
---|---|---|---|
kibana | le | 6.6.0 | |
kibana | le | 5.6.14 | |
kibana | eq | 5.1.1 | |
kibana | eq | 4.5.4__2.el7 | |
kibana | eq | 4.6.4__4.el7 | |
kibana | eq | 5.6.10__1.el7 | |
kibana | eq | 4.6.4__3.el7 | |
kibana | eq | 4.6.4__1.el7 | |
kibana | eq | 5.6.12__1.el7 | |
kibana | eq | 3.1.2__2.el7ost |