Lucene search
Veracode Vulnerability DatabaseVERACODE:25970HistoryJul 28, 2020 - 4:58 a.m.
Cross-site Scripting (XSS)
2020-07-2804:58:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.001 Low
EPSS
Percentile
48.4%
kibana is susceptible to cross-site scripting (XSS). The vulnerability allows a user with privilege to edit or create a region map visualization to inject malicious HTML script via region map visualization feature, leading to sensitive information leakage and perform malicious action on behalf of Kibana users who view the region map visualization.
References
discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786
github.com/elastic/kibana/commit/0bf552bd6baafe3053c68dd20af14a088065df69
github.com/elastic/kibana/commit/eb25b47a75b391bf2bcf236d02cb0afb22a9f226
www.elastic.co/community/security#CVE-2020-7017
www.elastic.co/community/security/
www.oracle.com//security-alerts/cpujul2021.html
Related
osv
osv
CVE-2020-7017
2020-07-27 18:15:14
BIT-elk-2020-7017
2024-03-06 10:51:36
BIT-kibana-2020-7017
2024-03-06 10:54:39
cve
cve
CVE-2020-7017
2020-07-27 18:15:14
nvd
nvd
CVE-2020-7017
2020-07-27 18:15:14
redhatcve
redhatcve
CVE-2020-7017
2020-08-04 05:13:19
prion
prion
Cross site scripting
2020-07-27 18:15:00
cvelist
cvelist
CVE-2020-7017
2020-07-27 18:00:15
nessus
nessus
Photon OS 2.0: Kibana PHSA-2020-2.0-0281
2020-09-21 00:00:00
Photon OS 3.0: Kibana PHSA-2020-3.0-0135
2020-09-08 00:00:00
Photon OS 1.0: Kibana PHSA-2020-1.0-0321
2020-10-21 00:00:00
openvas
openvas
Elastic Kibana < 6.8.11, 7.x < 7.8.1 Multiple Vulnerabilities - Windows
2020-08-03 00:00:00
Elastic Kibana < 6.8.11, 7.x < 7.8.1 Multiple Vulnerabilities - Linux
2020-08-03 00:00:00
ibm
ibm
photon
photon
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00