CVE-2019-7608

Summary

Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Affected Software

VendorProductVersion RangeStatus
ElasticKibanabefore 5.6.15 and 6.6.1affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CVE Program Container

Additional References

References