CVE-2017-8440

Summary

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Affected Software

VendorProductVersion RangeStatus
ElasticKibana5.3.0 to 5.3.3affected
ElasticKibana5.4.1affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References