0.001 Low
EPSS
Percentile
22.7%
kibana is vulnerable to cross-site scripting (XSS). The vulnerability exists as the less dependency, used in the TSVB visualization, allows parsing of javascript code in panel_config/markdown.js.
less
panel_config/markdown.js
github.com/elastic/kibana/commit/93e09d23e6d9531d82e1b5ecaa480f89357647b1
github.com/elastic/kibana/commit/a418dc66fa128be74e4de45b04727b35bc37634f
github.com/elastic/kibana/pull/65467
github.com/elastic/kibana/pull/66200
www.elastic.co/community/security#ESA-2020-08
www.elastic.co/community/security/