Cross-site Scripting (XSS)

2018-09-2006:07:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

40.5%

JSON

kibana is vulnerable to a cross-site scripting (XSS) attack. The library does not properly sanitize the source text field, allowing a malicious user to inject and execute arbitrary Javascript.

CPENameOperatorVersion
kibanale6.4.0
kibanale5.6.11
atomic-openshift-web-consoleeq3.9.27__1.git.242.0fcf673.el7
atomic-openshift-web-consoleeq3.10.66__1.git.389.adbeb58.el7
atomic-openshift-web-consoleeq3.10.34__1.git.354.55b3e89.el7
atomic-openshift-web-consoleeq3.10.45__1.git.366.22a00b8.el7
atomic-openshift-web-consoleeq3.9.41__1.git.256.9e431bd.el7
atomic-openshift-web-consoleeq3.9.30__1.git.245.4a3aade.el7
atomic-openshift-web-consoleeq3.11.16__1.git.289.ecf7441.el7
atomic-openshift-web-consoleeq3.9.43__1.git.260.c73f17d.el7

Name	Operator	Version
kibana	le	6.4.0
kibana	le	5.6.11
atomic-openshift-web-console	eq	3.9.27__1.git.242.0fcf673.el7
atomic-openshift-web-console	eq	3.10.66__1.git.389.adbeb58.el7
atomic-openshift-web-console	eq	3.10.34__1.git.354.55b3e89.el7
atomic-openshift-web-console	eq	3.10.45__1.git.366.22a00b8.el7
atomic-openshift-web-console	eq	3.9.41__1.git.256.9e431bd.el7
atomic-openshift-web-console	eq	3.9.30__1.git.245.4a3aade.el7
atomic-openshift-web-console	eq	3.11.16__1.git.289.ecf7441.el7
atomic-openshift-web-console	eq	3.9.43__1.git.260.c73f17d.el7