Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Elastic Subscribe
Filtered by product Kibana
Total 47 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8439 1 Elastic 1 Kibana 2020-08-14 4.3 MEDIUM 6.1 MEDIUM
Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users.
CVE-2017-8440 1 Elastic 1 Kibana 2020-08-14 4.3 MEDIUM 6.1 MEDIUM
Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
CVE-2016-1000219 1 Elastic 1 Kibana 2020-08-14 5.0 MEDIUM 7.5 HIGH
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
CVE-2016-10366 1 Elastic 1 Kibana 2020-08-14 4.3 MEDIUM 6.1 MEDIUM
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.
CVE-2016-1000220 1 Elastic 1 Kibana 2020-08-14 4.3 MEDIUM 6.1 MEDIUM
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
CVE-2019-7608 1 Elastic 1 Kibana 2019-09-26 4.3 MEDIUM 6.1 MEDIUM
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
CVE-2019-7610 1 Elastic 1 Kibana 2019-07-30 9.3 HIGH 9.0 CRITICAL
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.