CVE-2020-7011
N/A
N/A
Summary
Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim�s web browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elastic | Elastic App Search | before 7.7.0 | affected |
Weaknesses
- CWE-84: CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.