Cross-site scripting in Kibana - CVE-2016-1000220

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU31416

Cross-site scripting in Kibana - CVE-2016-1000220

Published: June 17, 2017 / Updated: July 18, 2020


Vulnerability identifier: #VU31416
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-1000220
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Elastic Stack
Affected software:
Kibana

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.


How to mitigate CVE-2016-1000220

Install update from vendor's website.

Sources