Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboard containing the visualization it could execute JavaScript in the victim�s browser.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-stack-6-8-6-and-7-5-1-security-update/212390 | Vendor Advisory |
https://www.elastic.co/community/security/ | Vendor Advisory |
https://discuss.elastic.co/t/elastic-stack-6-8-6-and-7-5-1-security-update/212390 | Vendor Advisory |
https://www.elastic.co/community/security/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://discuss.elastic.co/t/elastic-stack-6-8-6-and-7-5-1-security-update/212390 - Vendor Advisory | |
References | () https://www.elastic.co/community/security/ - Vendor Advisory |
Information
Published : 2019-12-18 20:15
Updated : 2024-11-21 04:48
NVD link : CVE-2019-7621
Mitre link : CVE-2019-7621
CVE.ORG link : CVE-2019-7621
JSON object : View
Products Affected
elastic
- kibana
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')